azure-sdk-for-java icon indicating copy to clipboard operation
azure-sdk-for-java copied to clipboard
verified publisher icon Azure

[QUERY] Configuring HTTPS Certificate Validation in HttpClients

Open epa64 opened this issue 3 years ago • 5 comments

Query/Question How to disable or control HTTPS certificate validation with BlobServiceClient.

Why is this not a Bug or a feature Request? We use a private address for client requests to the blob storage API. The url is mydomain.privatelink.blob.core.windows.net. The https certificate returned is a wildcard of type *.blob.core.windows.net, the privatelink subdomain is missing and azure SDK raises an exception: java.security.cert.CertificateException: No subject alternative DNS name matching mydomain.privatelink.blob.core.windows.net found, which is normal

Setup

  • OS: linux unbutu 20.04 TLS
  • IDE: IntelliJ
  • Library/Libraries: com.azure:azure-storage-blobom.azure:12.13.0

Many thanks Best regards Eric

epa64 avatar Apr 08 '22 17:04 epa64

Thanks for filing this issue @epa64, is it possible including which HttpClient instance your application is using so we can offer samples/guidance on how to certificate handling at the HTTP layer.

alzimmermsft avatar Apr 11 '22 20:04 alzimmermsft

@epa64 Can we ask you to please open a support case for this request? This may involve some work on the service, which we cannot effectively track on github, so it will be more productive if there is an open support case for the query.

rickle-msft avatar Apr 13 '22 18:04 rickle-msft

Hi @epa64 ,

Just following up on this thread. Has this issue been resolved? If so, we can go ahead and close this. If not, can you please let us know what blockers you're running into, or any questions you may have?

Thank you!

ibrahimrabab avatar Sep 20 '22 21:09 ibrahimrabab

I'm facing the same problem when i try to connect to my comosdb table via a privatelink. Can you please provide a solution.

Xaseron avatar Sep 21 '22 12:09 Xaseron

Hi,

Sorry, i check it and reply this week.

Best regards,

Eric Papet

Le 20/09/2022 à 23:47, Rabab Ibrahim a écrit :

Hi @epa64 https://github.com/epa64 ,

Just following up on this thread. Has this issue been resolved? If so, we can go ahead and close this. If not, can you please let us know what blockers you're running into, or any questions you may have?

Thank you!

— Reply to this email directly, view it on GitHub https://github.com/Azure/azure-sdk-for-java/issues/28130#issuecomment-1252949043, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGUQXHLD6WWYVHPXDAUELTV7IWHLANCNFSM5S5EJBOQ. You are receiving this because you were mentioned.Message ID: @.***>

epa64 avatar Sep 22 '22 07:09 epa64

@epa64 Can you please tell us which HttpClient you are using? This is needed so that we can provide some guidance on how to handle SSL validation.

ki1729 avatar Nov 02 '22 20:11 ki1729

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

ghost avatar Nov 10 '22 02:11 ghost

@ki1729

i use the the azure cosmos client:

        val servicePrincipal: TokenCredential = ClientSecretCredentialBuilder()
            .tenantId(tenantId)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build()

        val cosmosClient = CosmosClientBuilder()
            .endpoint(endpoint)
            .credential(servicePrincipal)
            .gatewayMode()
            .buildClient()

Xaseron avatar Nov 25 '22 12:11 Xaseron