Unable to sync the portal with gateway due to SSL certificate mismatch
Below is the error seen in catalina.out:
SEVERE: java.security.cert.CertificateException: No subject alternative names present
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
This occurs when you are connecting by IP address and the certificate doesn't contain a subject alternative name (SAN). Based on the RFC: "When using an IP address, there must be a Subject Alternative Name entry (of type IP address, not DNS name) in the certificate."
There are two solutions to this:
1. Generate a private key for use with a SAN, and maintain the IP addresses. You would need to do this with openssl from the command line, as the Policy Manager cannot generate CSRs with a Subject Alternative Name. We have a knowledge base article here with instructions to accomplish this:
2. Create hostnames for the systems to use (and new keys), make entries in /etc/hosts, and have the CN values of the certificates match those hostnames, while also specifying the Gateway hostname in the following file:
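
For option 1 above, an added example (not taken from the knowledge base article the page refers to) of generating a key and CSR with an IP-type SAN using openssl, then checking that the entry is present in the CSR and in the issued certificate. The address 192.0.2.10, the file names and the function names are assumptions.

```shell
# Added example; 192.0.2.10 and all file names are constructed placeholders.

# Write a private key and a CSR whose SAN is an IP-type entry (not DNS)
# for address $1 into directory $2.
make_ip_san_csr() {
    ip="$1"; dir="$2"
    cat > "$dir/san.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[dn]
CN = $ip

[v3_req]
subjectAltName = IP:$ip
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/san.cnf" \
        -keyout "$dir/gateway.key" -out "$dir/gateway.csr" 2>/dev/null
    chmod 600 "$dir/gateway.key"   # the key is unencrypted (-nodes): restrict access
}

# Read "openssl ... -noout -text" output on stdin and succeed only if it
# lists exactly "IP Address:<$1>" among the SAN entries.
has_ip_san() {
    tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -Fxq "IP Address:$1"
}

# Check the CSR before submitting it, and the certificate after issuance:
# a signer can drop the extensions a CSR requests.
check_csr()  { openssl req  -in "$1" -noout -text | has_ip_san "$2"; }
check_cert() { openssl x509 -in "$1" -noout -text | has_ip_san "$2"; }
```

Call `make_ip_san_csr 192.0.2.10 .` and then `check_csr gateway.csr 192.0.2.10`; once the certificate is issued, run `check_cert` on it before installing, since a certificate without the IP entry reproduces the same handshake error.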