cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Certificate Mismatch on server

jamesv
New Contributor II

I’m working on building out some new deployments of Snaplogic hosts and I am experiencing very strange SSL Certificate Mismatch errors.

An example error:

Unable to connect to neighbor after 15076875ns: https://ip-10-16-9-21:8081","exc":"javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate mismatch, expecting b27564cdd9d8a212b855251f705d09f91e40bfa3; server returned: 9d77f1e79a39bbdc2a77a1aac8356027e42b3a9c

However, if I get the fingerprint of the cert using openssl:

[snapuser@ip-10-16-9-15 etl-scripts]$ openssl s_client -connect ip-10-16-9-21:8081  | openssl x509 -noout -fingerprint
depth=0 C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = CC, CN = ip-10-16-9-21
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = CC, CN = ip-10-16-9-21
verify error:num=21:unable to verify the first certificate
verify return:1
SHA1 Fingerprint=B2:75:64:CD:D9:D8:A2:12:B8:55:25:1F:70:5D:09:F9:1E:40:BF:A3

It looks like Snaplogic is returning the local server’s cert fingerprint for the check, but openssl seems to pull it just fine.

Any tips?

1 REPLY 1

boverton
New Contributor

Looks like this went unanswered. I am running into this issue now. How do we solve this cert issue?