1 Answer
So, this is the error I got:
Hostname/IP does not match certificate's altnames: Host: pgssltest.cname.com. is not cert's CN: pgssltest.xxxxxxxxxxxx.region.rds.amazonaws.com
As the error implies, because the certificate provided by RDS contains a different domain name than the CNAME, it is treated as invalid.
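To bypass this, we can use the following Node.js code:

```typescript
import * as tls from "node:tls";

// "sslOptions" is a hypothetical name: the opening of the enclosing
// TLS options object is cut off in the post.
const sslOptions = {
  checkServerIdentity: (host: string, cert: tls.PeerCertificate) => {
    // Standard hostname check against the name we connected to (the CNAME).
    const error = tls.checkServerIdentity(host, cert);
    // Report the mismatch unless the certificate's CN ends with
    // "<region>.rds.amazonaws.com".
    if (
      error &&
      !cert.subject.CN.endsWith(
        (process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || "") +
          ".rds.amazonaws.com",
      )
    ) {
      return error;
    }
    return undefined;
  },
};
```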
answered 14 days ago
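The suffix test in the answer above accepts the certificate of any RDS instance in the region, not only the one behind the CNAME. The following added example (not part of the original answer) compares it with a check pinned to one expected endpoint; the endpoint names, the region and the certificate objects are constructed for illustration.

```javascript
// Added example, not from the original answer. Endpoint names, region and
// certificate objects are constructed sample values.
const tls = require("node:tls");

// Workaround from the answer: on a name mismatch, still accept any
// certificate whose CN ends with "<region>.rds.amazonaws.com".
function suffixCheck(region) {
  return (host, cert) => {
    const error = tls.checkServerIdentity(host, cert);
    if (error && !cert.subject.CN.endsWith(region + ".rds.amazonaws.com")) {
      return error;
    }
    return undefined;
  };
}

// Stricter alternative: ignore the name that was dialled (the CNAME) and
// verify the certificate against the single RDS endpoint we expect.
function pinnedCheck(expectedEndpoint) {
  return (_host, cert) => tls.checkServerIdentity(expectedEndpoint, cert);
}

// Constructed sample data.
const CNAME = "pgssltest.cname.com";
const OUR_ENDPOINT = "pgssltest.aaaaaaaaaaaa.eu-west-1.rds.amazonaws.com";
const OTHER_ENDPOINT = "otherdb.bbbbbbbbbbbb.eu-west-1.rds.amazonaws.com";
const certFor = (name) => ({ subject: { CN: name }, subjectaltname: "DNS:" + name });

// Run both checks against our instance's certificate and another
// instance's certificate, as seen when connecting through the CNAME.
function compare() {
  const suffix = suffixCheck("eu-west-1");
  const pinned = pinnedCheck(OUR_ENDPOINT);
  const accepted = (check, cert) => check(CNAME, cert) === undefined;
  return {
    suffixOurs: accepted(suffix, certFor(OUR_ENDPOINT)),
    suffixOther: accepted(suffix, certFor(OTHER_ENDPOINT)),
    pinnedOurs: accepted(pinned, certFor(OUR_ENDPOINT)),
    pinnedOther: accepted(pinned, certFor(OTHER_ENDPOINT)),
  };
}

console.log(compare());
```

The function returned by `pinnedCheck` can be passed as the `checkServerIdentity` TLS option in place of the suffix test; certificate chain validation against the configured CA is unaffected by either variant.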