Generic error for Common Name mismatch

Hi @dchiesa1

I have added a common name check for a target server like this (during the target server creation):

{
  "name": "common-name-test",
  "host": "(URL Removed by Staff)",
  "isEnabled": true,
  "port": "443",
  "sSLInfo": {
    "commonName": {
      "value": "*.example.com",
      "wildcardMatch": true
    },
    "enabled": true
  }
}

The cert's cname does not match this value, so the proxy is throwing an error, but it's a generic '500 Internal Server Error':

"errorcode": "messaging.adaptors.http.flow.InternalServerError" } }

This is happening when the cname is added at the target server level.

But when SSLInfo is added at the target endpoint (proxy level), like this:

<HTTPTargetConnection>
  <SSLInfo>
    <Enabled>true</Enabled>
    <CommonName wildcardMatch="true">*.example.com</CommonName>
  </SSLInfo>
  <URL>(URL Removed by Staff)</URL>
</HTTPTargetConnection>

Since the CN doesn't match, it's throwing an error as below, which is easier to understand:

{
  "fault": {
    "faultstring": "Common-Name mismatch",
    "detail": {
      "errorcode": "protocol.http.CommonNameMismatch"
    }
  }
}

Is there any reason why it's behaving differently in the case of the target server? Can the same kind of unique error be provided in the first case (target server) too, or at least an error variable to identify that it's because of a CN check failure?

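Because the target-server path described above surfaces only a generic 500, a pre-deployment check can compare the configured `commonName` against the backend certificate's subject CN. The following is an added example, not part of the original post and not Apigee code; the function names and sample certificates are hypothetical, and the wildcard rule (a leading `*.` matches exactly one leftmost label) is an assumption about the matching semantics.

```python
import json

# Constructed TargetServer definition with the same shape as the one in the post.
TARGET_SERVER = json.loads("""
{"name": "common-name-test", "isEnabled": true, "port": "443",
 "sSLInfo": {"enabled": true,
             "commonName": {"value": "*.example.com", "wildcardMatch": true}}}
""")

# Constructed certificate subjects, shaped like ssl.SSLSocket.getpeercert() output.
CERT_MATCHING = {"subject": ((("organizationName", "Example"),),
                             (("commonName", "api.example.com"),))}
CERT_OTHER = {"subject": ((("commonName", "backend.internal.test"),),)}


def subject_cn(peercert):
    """Return the subject commonName from a getpeercert()-style dict, or None."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def cn_matches(expected, actual, wildcard_match):
    """Assumed rule: exact case-insensitive match, or, when wildcard_match is
    set, a leading '*.' in `expected` stands for exactly one leftmost label."""
    if actual is None:
        return False
    expected, actual = expected.lower(), actual.lower()
    if expected == actual:
        return True
    if wildcard_match and expected.startswith("*."):
        head, sep, tail = actual.partition(".")
        return bool(head) and sep == "." and tail == expected[2:]
    return False


def check_target_server(target_server, peercert):
    """Return 'no-cn-check', 'match' or 'mismatch' for a TargetServer definition."""
    info = target_server.get("sSLInfo") or {}
    cn_cfg = info.get("commonName")
    if not info.get("enabled") or not cn_cfg:
        return "no-cn-check"
    ok = cn_matches(cn_cfg["value"], subject_cn(peercert),
                    cn_cfg.get("wildcardMatch", False))
    return "match" if ok else "mismatch"


if __name__ == "__main__":
    for label, cert in (("matching", CERT_MATCHING), ("other", CERT_OTHER)):
        print(label, subject_cn(cert), check_target_server(TARGET_SERVER, cert))
```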