Error retrieving metadata: SSLPeerUnverifiedException
Cantor, Scott
cantor.2 at osu.edu
Thu Aug 27 21:27:57 EDT 2015
On 8/27/15, 9:18 PM, "users on behalf of Baron Fujimoto" <users-bounces at shibboleth.net on behalf of baron at hawaii.edu> wrote:
>
>>Regardless you should be verifying the signature on the metadata and simply set the flag to disregard the TLS connection. That's the best choice.
>
>Is this supported in IdPv2? I found documentation of this attribute under
>the IdPv3, but not for IdPv2. This error also suggests no:

It was called disregardSslCertificate originally; I don't know if it was ever renamed on V2. I also thought it was named disregardTlsCertificate now, not TLS.

>>If you must, you can work around the bug, apparently by setting -Djdk.tls.trustNameService=true on the JVM.
>
>So assuming the best choice workaround is not an option, I guess that
>leaves setting jdk.tls.trustNameService=true for the JVM?

It is an option, but only if the file is actually signed, obviously. Otherwise you can either roll back to an unbroken Java or use that override.

-- Scott
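
The setup recommended in this message, sketched as an added example that is not part of the original post or the Shibboleth distribution: an IdP V3-style metadata provider that skips TLS certificate checks on the fetch and relies on the metadata signature for trust. The provider id, URL, file paths and validity interval are placeholders, and the flag is spelled as in the V3 documentation (the message gives disregardSslCertificate as the original name).

```xml
<!-- Added example, IdP V3 syntax assumed. id, metadataURL, backingFile and
     certificateFile are placeholder values for illustration. -->
<MetadataProvider id="ExampleFederationMetadata"
                  xsi:type="FileBackedHTTPMetadataProvider"
                  metadataURL="https://metadata.example.org/federation-metadata.xml"
                  backingFile="%{idp.home}/metadata/federation-metadata.xml"
                  disregardTLSCertificate="true">

    <!-- Trust comes from the signature, not the transport: the document is
         rejected unless its root element is signed by the key in this
         certificate, which must be obtained out of band from the federation. -->
    <MetadataFilter xsi:type="SignatureValidation"
                    requireSignedRoot="true"
                    certificateFile="%{idp.home}/credentials/federation-signer.pem"/>

    <!-- Reject metadata without a validUntil, or with one too far in the
         future, so an old signed copy cannot be replayed indefinitely. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>
</MetadataProvider>
```

Without the SignatureValidation filter, disabling the TLS check leaves the metadata unauthenticated, which is why the reply above makes the flag conditional on the file being signed.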