Hostname/IP doesn't match certificate's altnames: "Host: webservice.s1.exacttarget.com. is not in the cert's altnames: DNS:ws-thehartford.exacttarget.com

[robin-chilliapple]

I am getting following error while retrieving Data Extension.

{ Error: Hostname/IP doesn't match certificate's altnames: "Host: webservice.s1.exacttarget.com. is not in the cert's altnames: DNS:ws-thehartford.exacttarget.com"
    at Object.checkServerIdentity (tls.js:203:15)
    at TLSSocket.<anonymous> (_tls_wrap.js:1061:29)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:580:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:412:38)
  reason: 'Host: webservice.s1.exacttarget.com. is not in the cert\'s altnames: DNS:ws-thehartford.exacttarget.com',
  host: 'webservice.s1.exacttarget.com.',
  cert: 
   { subject: 
      { C: 'US',
        ST: 'Indiana',
        L: 'Indianapolis',
        O: 'ExactTarget, Inc',
        OU: 'Infrastructure',
        CN: 'ws-thehartford.exacttarget.com' },
     issuer: 
      { C: 'US',
        O: 'DigiCert Inc',
        CN: 'DigiCert SHA2 Secure Server CA' },
     subjectaltname: 'DNS:ws-thehartford.exacttarget.com',
     infoAccess: { 'OCSP - URI': [Object], 'CA Issuers - URI': [Object] },
     modulus: 'DDDDDDD',
     exponent: '1x15551',
     valid_from: 'Nov  2 00:00:00 2015 GMT',
     valid_to: 'Jan 30 12:00:00 2019 GMT',
     fingerprint: 'Removed',
     ext_key_usage: [Removed ],
     serialNumber: 'Removed',
     raw: Removed }

Please help me.
Thanks

[vernak2539]

This is usually due to an issue with the certificate chain. I would contact customer support about this.

To fix this immediately, it's a security risk though, you could add the kv pair rejectUnauthorized: false to the options.reqOptions when executing a call

[robin-chilliapple]

Thanks for your quick reply.
Should I add the kv pair rejectUnauthorized: false in all SOAP request separately or should I add this in Fuel-SOAP node-module library in one place?

[vernak2539]

It would have to be added in all your soap requests. It shouldn't be added to this module as it shouldn't be happening in the first place unfortunately.

[bronsoja]

I'm not sure if the webservice.s1.exacttarget.com domain it looks like you are using is expected to be valid (although I'm not sure why it exists either) Normally, requests for an account in the S1 stack should just to go the webservice.exacttarget.com domain, as that is the endpoint documented here: https://developer.salesforce.com/docs/atlas.en-us.noversion.mc-apis.meta/mc-apis/wsdl-endpoint-links.htm

It looks like that domain does not have certificate mismatch issues like webservice.s1.exacttarget.com does, so I'd try just switching to that.

[vernak2539]

@bronsoja that is a very good call actually! I missed those small characters.

@robin-chilliapple you can get the list of endpoints from this API call

[vernak2539]

I'm going to be closing this. If the issue persists, please re-open and let us know

[robin-chilliapple]

@bronsoja you are absolutely correct. I have fixed it.
Thanks @vernak2539 and @bronsoja