-
1. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
Jack,
No such property currently exists. However there is submit a completely new certifacte for the Teiid connection in addition to what you have. You can log JIRA, will see if there is any interest in this feature.
Thanks
Ramesh..
-
2. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
Thanks Ramesh.
An optional feature request was created at jira: https://issues.jboss.org/browse/TEIID-2282
Thanks
Jack
-
3. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
Jack,
Did you try this scenario with Teiid? I don't believe this should be an issue for us as we are not using https, but rather direct ssl, which doesn't require host name verification.
Steve
-
4. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
Hi Steve:
Even you use the ssl, the client application(like squirrel) have to verifying the certificate. We could disable the hosename verification during the certificate valification, but I think that is less secure. If teiid jdbc driver could provide the "hostNameInCertificate" lilke MS SQL jdbc driver did, then teiid will know which hostname to verify, this is more secure.
Thanks
Jack
-
5. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
Jack,
Yes, validating the host name does make the connection more secure. However, this is a different issue than what I understood initially. You can reopen the issue and make it specific to validating in general, rather than just allowing for a certificate to be used with an non-matching host name.
Steve