Question
· Oct 5, 2016

Authorization (OAuth 2.0) failure due to server name mismatch (SSL Cert)

I am using the OAuth2 Caché framework, acting as a client to an authorization server. My setup is based on this excellent previous post [Caché Open Authorization Framework (OAuth 2.0) implementation – part 1].

I'm facing ‘Authorization Server Error: Error Processing Response - No match between server name 'googleapis.com' and SSL certificate values google.com…’

It looks like I should set SSLCheckServerIdentity to false but I can’t figure out how. Has anyone had the same issue?

Stepping back a bit:

What endpoint are you using? From Terminal, I see different certificates for googleapis.com and www.googleapis.com:

USER>set old = $io set dev = "|TCP|443" open dev:("googleapis.com":443:/TLS="Demo") use dev w 123,! use dev s cer = $System.Security.Users.SSLGetPeerCertificate() use old w $System.Encryption.X509GetField(cer,"Subject"),!,$System.Encryption.X509GetField(cer,"Extension:subjectAltName")
CN=www.google.com,O=Google Inc,L=Mountain View,ST=California,C=US
DNS:www.google.com

USER>close dev set old = $io set dev = "|TCP|443" open dev:("www.googleapis.com":443:/TLS="Demo") use dev w 123,! use dev s cer = $System.Security.Users.SSLGetPeerCertificate() use old w $System.Encryption.X509GetField(cer,"Subject"),!,$System.Encryption.X509GetField(cer,"Extension:subjectAltName")
CN=*.googleapis.com,O=Google Inc,L=Mountain View,ST=California,C=US
DNS:*.googleapis.com, DNS:*.clients6.google.com, DNS:*.cloudendpointsapis.com, DNS:cloudendpointsapis.com, DNS:googleapis.com

However, in my browser, if I navigate to https://googleapis.com, I see the googleapis.com certificate (and a 404 error). This difference in behavior might have something to do with Caché's lack of support for Server Name Indication (SNI).

Regardless, what happens if you change the endpoint to www.googleapis.com rather than googleapis.com?
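
Added example (not part of the original thread, and not Caché's own implementation): a hostname-versus-certificate check run over the two subjectAltName values from the Terminal output above. It shows why the certificate returned for googleapis.com fails the server identity check while the one returned for www.googleapis.com passes. The function names are illustrative, and the matching follows the usual RFC 6125 wildcard rule as an assumption about what the check does.

```python
# Added example: function names are hypothetical, not a Caché API.

def parse_san(san_field):
    """Extract DNS names from a 'DNS:a, DNS:b' subjectAltName string."""
    names = []
    for entry in san_field.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS" and value:
            names.append(value.lower())
    return names

def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # need at least two fixed labels so '*.com' cannot match anything
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def matching_names(hostname, san_field):
    """Return the SAN entries that authorise this hostname (empty = mismatch)."""
    return [n for n in parse_san(san_field) if dns_name_matches(n, hostname)]

# SAN values copied from the Terminal output in the reply above.
SAN_SEEN_FOR_APEX = "DNS:www.google.com"
SAN_SEEN_FOR_WWW = ("DNS:*.googleapis.com, DNS:*.clients6.google.com, "
                    "DNS:*.cloudendpointsapis.com, DNS:cloudendpointsapis.com, "
                    "DNS:googleapis.com")

if __name__ == "__main__":
    cases = [("googleapis.com", SAN_SEEN_FOR_APEX),
             ("www.googleapis.com", SAN_SEEN_FOR_WWW),
             ("googleapis.com", SAN_SEEN_FOR_WWW)]
    for host, san in cases:
        hits = matching_names(host, san)
        print(host, "->", hits if hits else "MISMATCH")
```

The third case shows that the googleapis.com name is valid against the second certificate, so the mismatch comes from which certificate the server presents, not from the endpoint name itself.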