SSL Verification Failed
Problem
After authenticating the Dremio connector, I'm receiving the following error:
(1110) SSL verification failed because the server host name specified for the connection does not match the "CN" entry in the "Subject" field or any of the "DNS Name" entries of the "Subject Alternative Name" field in the server certificate.
Solution
The problem occurs in setups that use encrypted connections for the client port. Whether it appears depends on the architecture of your Dremio Software instance.
Using the OpenSSL tool, check that the certificate has the external hostname set as the Subject.CN entry. For instance, if the external hostname is my.customers.dremio and the client port is configured to 9050 (in dremio.conf: services.coordinator.client-endpoint.port 9050), when you run this command:
openssl s_client -connect my.customers.dremio:9050
you should see that the output shows the level 0 CN field is set to the hostname that you issued in the command:
Output for certificate's external hostname
CONNECTED(00000006)
some output you can ignore for now
---
Certificate chain
0 s:CN = my.customers.dremio
more output you can ignore for now
If you see a different hostname in the level 0 CN field, this could be the cause of the error. Recreate the certificate to see if this resolves the error.
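The error text names both the Subject CN and the Subject Alternative Name "DNS Name" entries, so it helps to compare the connection hostname against every name in the certificate. The following is an added example, not Dremio or driver code: it reproduces that comparison on certificate dictionaries in the shape returned by Python's ssl.SSLSocket.getpeercert(). The sample certificates and the hostname coordinator-0.internal are constructed, and the wildcard rule (leftmost label only) is an assumption about the client.

```python
# Added example: reproduce the name check described by error 1110.
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """Return (subject CN list, SAN DNS Name list) from a getpeercert()-style dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label (assumption)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:] and h[0] != ""
    return p == h


def check_host(cert, hostname):
    """Return (ok, names_seen): ok is True if hostname matches the CN or any SAN DNS Name."""
    cns, sans = cert_names(cert)
    names = cns + sans
    return any(name_matches(n, hostname) for n in names), names


# Constructed sample certificates (not taken from a real server).
GOOD = {"subject": ((("commonName", "my.customers.dremio"),),),
        "subjectAltName": (("DNS", "my.customers.dremio"),)}
INTERNAL = {"subject": ((("commonName", "coordinator-0.internal"),),),
            "subjectAltName": (("DNS", "coordinator-0.internal"),)}
WILDCARD = {"subject": ((("commonName", "*.customers.dremio"),),)}

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("internal", INTERNAL), ("wildcard", WILDCARD)):
        ok, names = check_host(cert, "my.customers.dremio")
        print(f"{label}: {'match' if ok else 'MISMATCH'} (certificate names: {names})")
```

The INTERNAL case is the typical cause of this error: the certificate was issued for the node's internal name, while clients connect using the external hostname.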
It's also worth checking whether the certificate is installed directly on the Dremio Software instance. If it is, dremio.conf should have:
services.coordinator.client-endpoint.ssl.enabled true
If, however, a load balancer or proxy is performing SSL offloading, then the connection arriving at Dremio Software will be unencrypted. In this case, dremio.conf should have:
services.coordinator.client-endpoint.ssl.enabled false