The exception looks like this:
Caused by: java.security.cert.CertificateException: Failed to verify both host address and host name Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <...hostname...> doesn't match common name of the certificate subject: <...subject name...>.
This is because the CN (Common Name) field of the certificate must match the hostname where the certificate will be installed. If it is problematic to reissue certificates, you can disable this check for test environments.
ZooKeeper Java client
There are several ways to configure SSL, you can learn about them in the section of the same name in this article.
ZKClientConfig zkClientConfig = new ZKClientConfig(); zkClientconfig.setProperty("zookeeper.ssl.hostnameVerification", "false"); … ZooKeeper zooKeeper = new ZooKeeper("...");
The “-Dzookeeper.ssl.hostnameVerification = false” key must be added to the startup script /bin/zkCli.sh or /bin/zkCli.cmd. You can read more about adding keys to zkCli in the “Configuring ZooKeeper CLI” section of this article.
If you still have any questions, feel free to ask me in the comments under this article, or write me on firstname.lastname@example.org.
If I saved your day, you can support me :)