Log Rejecting certificate with common-names – How To Solve Related Issues



Log Rejecting certificate with common-names – How To Solve Related Issues

Opster Team

Jan-20, Version: 1.7-8.0



Before you begin reading this guide, we recommend you try running the Elasticsearch Error Check-Up  which can resolve issues causing many log errors (free and no installation required)

 

This guide will help you check for common problems that cause the log “Rejecting certificate with common-names” to appear. It’s important to understand the issues related to the log, so to get started, read the general overview on common issues and tips related to the Elasticsearch concepts: plugin.


Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up which analyses ES to discover the cause of many errors and provides suitable actionable recommendations. 

Log Context

Log”Rejecting certificate [{}] [{}] with common-names [{}]” classname is RestrictedTrustManager.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

         Set names = readCommonNames(certificate);
        if (verifyCertificateNames(names)) {
            logger.debug(() -> new ParameterizedMessage("Trusting certificate [{}] [{}] with common-names [{}]";
                    certificate.getSubjectDN(); certificate.getSerialNumber().toString(16); names));
        } else {
            logger.info("Rejecting certificate [{}] [{}] with common-names [{}]";
                    certificate.getSubjectDN(); certificate.getSerialNumber().toString(16); names);
            throw new CertificateException("Certificate for " + certificate.getSubjectDN() +
                    " with common-names " + names
                    + " does not match the trusted names " + trustRestrictions.getTrustedNames());
        }




 

Related issues to this log

We have gathered selected Q&A from the community and issues from Github, that can help fix related issues please review the following for further information :

1 De Js Hostname Ip Doesnt Match Cert  

Stname Ip Doesnt Match Certificates  

 

About Opster

Opster line of products and support services detects, prevents, optimizes and automates everything needed to manage mission-critical Elasticsearch.

Find Configuration Errors

Analyze Now