Hi Team,
I am doing Camunda 8.6 installation in Openshift. My Elasticsearch, zeebe broker, zeebe gateway & operate is running successful. But Tasklist is giving the error as
No subject alternative DNS name matching camuda-zeebe-gateway found
Here I attached the screenshot. Can someone help me on this ?
Note: Similar DNS configuration done in operate & its working fine.
Hi @vinothkumar - I don’t know much about OpenShift, but that appears to be a SSL error rather than a DNS error. Have you checked your certificate configurations?
Yes @nathan.loding - I have the similar configuration in operate & its working. Hope both are spring boot apps, so expecting same kind of TLS configuration.
So Hope those are correct
@vinothkumar - all the Camunda components Spring. Can you share you values.yaml file?
I cant as its with my client system. I can give u any specific details if required except customer specific.
@nathan.loding Myself and Vinoth are working on tasklist issue and want to add VM parameter in yaml file for SSL debug. How to add that?
-Djavax.net.debug=ssl
This is an error with the certificate that is installed on your host camunda-zeebe-gateway.
The certificate has a different hostname associated to it, but doesn’t list a Subject Alternate Name that matches camunda-zeebe-gateway
This can OFTEN be related to using DNS search. for example if your nodename is actually camunda-zeebe-gateway.cluster.client.internal and you have DNS completion on so that your nodes can reach out to camunda-zeebe-gateway, the two names don’t match completely, so the certificate fails.
As is documented in the solution to External Elasticsearch configuration in self managed - certificate mismatch error
If you rebuild the certificate for your gateway including all the known names, and load that certificate it should start working.
Thanks @GotnOGuts . I will look into that. How to do Debug with tasklist similar like in operate logging.level.root debug and io.camunda.operate: debug
Got this. Thanks… let me check the certificate part.
But again one query. Same way it’s configured for Operate also… How operate is sync with the certificate. Any specific parameter I can verify @GotnOGuts . Please confirm
Its working fine after made the changes in configmap file
Removed the gatewayAddress and added brokerContactPoint under zeebe.
@vinothkumar - two forum accounts? 
@ravi.arora - you should be able to use the JAVA_OPTS environment variable:
- name: JAVA_OPTS
value: "-Djavax.net.debug=ssl"Thanks @nathan.loding @GotnOGuts for the quick response…
ok thanks!!