We are running into an issue with DMaaP certificate, certificate validation fails on Heat.   I believe we are fine in OOM install.   The reason is that DMaaP certificate does not include the “vm1.mr.simpledemo.onap.org”.  It includes instead the mr.api.simpledemo.onap.org which is not DNS resolvable in Heat installs.

I guess we need the vm1.mr.simpledemo.onap.org in the DMaaP cert, or instead having mr.api.simpledemo.onap.org added to DNS and we can switch what our URLs point to.  

See error below ..

javax.net.ssl.SSLPeerUnverifiedException: Certificate for <vm1.mr.simpledemo.onap.org> doesn't match any of the subject alternative names: [message-router, mr.api.simpledemo.onap.org, message-router.onap, dmaap-mr, dmaap-mr.onap]

 [2018-10-08T14:02:44.832+00:00|WARN|HttpClient|DMAAP-source-PDPD-CONFIGURATION] Error executing HTTP request. Certificate for <vm1.mr.simpledemo.onap.org> doesn't match any of the subject alternative names: [message-router, mr.api.simpledemo.onap.org, message-router.onap, dmaap-mr, dmaap-mr.onap]; blacklisting for 2 minutes

[2018-10-08T14:02:44.832+00:00|ERROR|BusConsumer$CambriaConsumerWrapper|DMAAP-source-PDPD-CONFIGURATION] CambriaConsumerWrapper [fetchTimeout=15000]: cannot fetch because of Certificate for <vm1.mr.simpledemo.onap.org> doesn't match any of the subject alternative names: [message-router, mr.api.simpledemo.onap.org, message-router.onap, dmaap-mr, dmaap-mr.onap] - backoff for 15000 ms.

^C

policy@drools:/var/log/onap/policy/pdpd$ ping mr.api.simpledemo.onap.org,

ping: unknown host mr.api.simpledemo.onap.org,