You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I thought setting trust_server_certs would allow faulty certificates to be accepted, but looks like it just disregard keys?
Whether it is the IP address that is not matching the cert, or other details of the cert, I am wondering whether there is an option to accept the certificate in ClientBuilder.
The text was updated successfully, but these errors were encountered:
That the cert isn't already in the pki/rejected folder. e.g. maybe you set trust_server_certs to true but the pki had rejected before that flag was set. If the cert is already there then it will be untrusted even if that flag is later set. You should try deleting the value in the pki/rejected and try again. The second and subsequent times it should go straight into pki/trusted
That the cert can be loaded. If the cert cannot be parsed as an X509 certificate then it will fail before the point of deciding whether to trust it or not.
If it's not working even after these two things, set your logging to debug level and see if you can capture the code which includes "Validating cert with name on disk" to see what is tripping it up.
I thought setting trust_server_certs would allow faulty certificates to be accepted, but looks like it just disregard keys?
Whether it is the IP address that is not matching the cert, or other details of the cert, I am wondering whether there is an option to accept the certificate in ClientBuilder.
The text was updated successfully, but these errors were encountered: