search

openhab / openhab-addons

Add-ons for openHAB
https://www.openhab.org/
Eclipse Public License 2.0
1.88k stars 3.59k forks source link

[influxdb or openhab core] SSLPeerUnverifiedException #10150

Closed farfade closed 3 years ago

farfade commented 3 years ago

Hello,

After migration from a fully functional openhab2.5 with SSL-enabled influxdb connection, this SSL-enabled influxdb connection does not work anymore with openhab 3 :

javax.net.ssl.SSLPeerUnverifiedException: Hostname AAA.HOST not verified:
    certificate: sha256
    DN: EMAILADDRESS=, CN=*.HOST, OU=*.HOST, O=HOST, ST=France, C=FR

The keystore contains the root CA, the influxdb server serves the wildcard certificate with the intermediate CA, and accepts SSL connections from a browser or from openssl s_client.

Behaviour confirmed here by another user.

A TLS-secured MQTT connection works correctly on the same host with openhab 3 + the mqtt addon

Cheers !

openhab-bot commented 3 years ago

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/ssl-connection-to-influxdb-pkix-path-building-failed/81053/14

farfade commented 3 years ago

I finally figured it out about my problem of SSL connection from openhab3 to influxdb 2 : my certificate was missing

subjectAltName = DNS: HOSTNAME

entry. With the older version of the SSL library (openhab2 and / or influxdb 1), it was working with only CN = HOSTNAME