I’m working on building out some new deployments of Snaplogic hosts and I am experiencing very strange SSL Certificate Mismatch errors.
An example error:
Unable to connect to neighbor after 15076875ns: https://ip-10-16-9-21:8081","exc":"javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate mismatch, expecting b27564cdd9d8a212b855251f705d09f91e40bfa3; server returned: 9d77f1e79a39bbdc2a77a1aac8356027e42b3a9c
However, if I get the fingerprint of the cert using openssl:
[snapuser@ip-10-16-9-15 etl-scripts]$ openssl s_client -connect ip-10-16-9-21:8081 | openssl x509 -noout -fingerprint
depth=0 C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = CC, CN = ip-10-16-9-21
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = CC, CN = ip-10-16-9-21
verify error:num=21:unable to verify the first certificate
verify return:1
SHA1 Fingerprint=B2:75:64:CD:D9:D8:A2:12:B8:55:25:1F:70:5D:09:F9:1E:40:BF:A3
It looks like Snaplogic is returning the local server’s cert fingerprint for the check, but openssl seems to pull it just fine.
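
An added example, not part of the original post and not SnapLogic code: it pulls the two fingerprints out of the mismatch error, normalizes the colon-separated openssl form, and reports which side of the error an observed certificate matches. The function names are hypothetical, and `live_fingerprint` assumes the pinned value is the SHA-1 of the DER certificate, as the openssl output in the post suggests.

```python
import hashlib
import re
import ssl

# Values copied from the error line and the openssl output quoted in the post.
ERROR_LINE = (
    "java.security.cert.CertificateException: Certificate mismatch, "
    "expecting b27564cdd9d8a212b855251f705d09f91e40bfa3; "
    "server returned: 9d77f1e79a39bbdc2a77a1aac8356027e42b3a9c"
)
OPENSSL_LINE = "SHA1 Fingerprint=B2:75:64:CD:D9:D8:A2:12:B8:55:25:1F:70:5D:09:F9:1E:40:BF:A3"

MISMATCH_RE = re.compile(
    r"expecting\s+([0-9a-fA-F]{40});\s*server returned:\s*([0-9a-fA-F]{40})"
)

def normalize(fingerprint):
    """Reduce 'SHA1 Fingerprint=B2:75:...' or bare hex to 40 lowercase hex digits."""
    value = fingerprint.split("=", 1)[-1]  # drop the openssl label if present
    digits = re.sub(r"[^0-9a-fA-F]", "", value).lower()
    if len(digits) != 40:
        raise ValueError(f"not a SHA-1 fingerprint: {fingerprint!r}")
    return digits

def parse_mismatch(line):
    """Return (expected, returned) from a 'Certificate mismatch' log line."""
    match = MISMATCH_RE.search(line)
    if match is None:
        raise ValueError("no certificate mismatch in line")
    return match.group(1).lower(), match.group(2).lower()

def classify(error_line, observed):
    """Say whether an observed fingerprint is the expected or the returned one."""
    expected, returned = parse_mismatch(error_line)
    seen = normalize(observed)
    if seen == expected:
        return "expected"
    if seen == returned:
        return "returned"
    return "neither"

def live_fingerprint(host, port):
    """SHA-1 of the DER certificate a listener presents (no chain validation)."""
    pem = ssl.get_server_certificate((host, port))
    return hashlib.sha1(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

if __name__ == "__main__":
    print(classify(ERROR_LINE, OPENSSL_LINE))
```

Passing `live_fingerprint(host, port)` as `observed` from each node shows which certificate that vantage point actually receives.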