The exception looks like this:
Caused by: java.security.cert.CertificateException:
Failed to verify both host address and host name
Caused by: javax.net.ssl.SSLPeerUnverifiedException:
Certificate for <...hostname...> doesn't match common name
of the certificate subject: <...subject name...>.
This is because the CN (Common Name) field of the certificate must match the hostname where the certificate will be installed. If it is problematic to reissue certificates, you can disable this check for test environments.
ZooKeeper Java client
There are several ways to configure SSL, you can learn about them in the section of the same name in this article.
Global properties
System.setProperty("zookeeper.ssl.hostnameVerification", "false")
Individual configuration
ZKClientConfig zkClientConfig = new ZKClientConfig();
zkClientconfig.setProperty("zookeeper.ssl.hostnameVerification", "false");
…
ZooKeeper zooKeeper = new ZooKeeper("...");
ZooKeeper CLI
The “-Dzookeeper.ssl.hostnameVerification = false” key must be added to the startup script /bin/zkCli.sh or /bin/zkCli.cmd. You can read more about adding keys to zkCli in the “Configuring ZooKeeper CLI” section of this article.
If you still have any questions, feel free to ask me in the comments under this article, or write me on promark33@gmail.com.