CN-stage allows connections to a MN that is operating a self-signed SSL server certificate
CN-stage supports connections to a MN that is operating a self-signed SSL server certificate - this should not be allowed since the connection could occur with a rogue non-verified server.
This instance occurred with dataone-dev.ecoinformatics.org.au:443 on 18 August 2015:
Not Before: Aug 11 04:56:19 2015 GMT
Not After : Aug 8 04:56:19 2025 GMT
#1 Updated by Mark Servilla over 7 years ago
After restarting d1-processing at approximate 03:30 19 August 2015 GMT, cn-stage began denying connections to dataone-dev.ecoinformatics.org.au:443 (see below). Apparently, the SSL information is either cached or ignored and operations presumably continue without exception. Note that, although a security exception was not thrown, no new content was harvested from dataone-dev.ecoinformatics.org.au:443.
[ERROR] 2015-08-19 03:30:01,090 (ObjectListHarvestTask:retrieve:251) urn:node:mnTestAEKOS- <?xml version="1.0" encoding="UTF-8"?>
class javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target