Reltio Connect

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe

Hi Joseph,

That does not seem right.  Admittedly, I'm using these resources on an almost daily basis, but in general that's not the behavior for any web site not visited in a while.

What is the warning message?  Maybe that can help us troubleshoot.  I dont think this behavior is widely seen.  

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe

At 8:25 AM ET this morning, I received this error when trying to connect to the auth.reltio.com API. The error lasted for about 60 seconds before resolving itself.

When I get more examples of this one, or the other DNS entries, I can post them here.  

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:*.pegacea.net

My teammate also receives the same errors from his laptop, but we do not know the root cause

Hi Joseph,

That does not seem right.  Admittedly, I'm using these resources on an almost daily basis, but in general that's not the behavior for any web site not visited in a while.

What is the warning message?  Maybe that can help us troubleshoot.  I dont think this behavior is widely seen.  

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe

well, I understand why you get the error after not using the screen.

When you haven't used the Reltio UI for a while, the auth token can expire.  When you start using Reltio again, the UI automatically knows to try to get a new token. 

The message says that auth.reltio.com is not part of the *.reltio.com domain.   But it is.  This is where my network knowledge ends.....  :-(

At 8:25 AM ET this morning, I received this error when trying to connect to the auth.reltio.com API. The error lasted for about 60 seconds before resolving itself.

When I get more examples of this one, or the other DNS entries, I can post them here.  

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:*.pegacea.net

My teammate also receives the same errors from his laptop, but we do not know the root cause

Hi Joseph,

That does not seem right.  Admittedly, I'm using these resources on an almost daily basis, but in general that's not the behavior for any web site not visited in a while.

What is the warning message?  Maybe that can help us troubleshoot.  I dont think this behavior is widely seen.  

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe

Yes this is code that I have written to get an auth token and then call the Reltio API, but we do also see it when access the Reltio web portal through the browser.

At 7:55 AM ET, I received a similar certificate warning. It lasted roughly 45 seconds.

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:api.biz.play.schoo.jp, DNS:*.api.biz.play.schoo.jp

well, I understand why you get the error after not using the screen.

When you haven't used the Reltio UI for a while, the auth token can expire.  When you start using Reltio again, the UI automatically knows to try to get a new token. 

The message says that auth.reltio.com is not part of the *.reltio.com domain.   But it is.  This is where my network knowledge ends.....  :-(

At 8:25 AM ET this morning, I received this error when trying to connect to the auth.reltio.com API. The error lasted for about 60 seconds before resolving itself.

When I get more examples of this one, or the other DNS entries, I can post them here.  

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:*.pegacea.net

My teammate also receives the same errors from his laptop, but we do not know the root cause

Hi Joseph,

That does not seem right.  Admittedly, I'm using these resources on an almost daily basis, but in general that's not the behavior for any web site not visited in a while.

What is the warning message?  Maybe that can help us troubleshoot.  I dont think this behavior is widely seen.  

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe

Yes this is code that I have written to get an auth token and then call the Reltio API, but we do also see it when access the Reltio web portal through the browser.

At 7:55 AM ET, I received a similar certificate warning. It lasted roughly 45 seconds.

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:api.biz.play.schoo.jp, DNS:*.api.biz.play.schoo.jp

well, I understand why you get the error after not using the screen.

When you haven't used the Reltio UI for a while, the auth token can expire.  When you start using Reltio again, the UI automatically knows to try to get a new token. 

The message says that auth.reltio.com is not part of the *.reltio.com domain.   But it is.  This is where my network knowledge ends.....  :-(

At 8:25 AM ET this morning, I received this error when trying to connect to the auth.reltio.com API. The error lasted for about 60 seconds before resolving itself.

When I get more examples of this one, or the other DNS entries, I can post them here.  

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:*.pegacea.net

My teammate also receives the same errors from his laptop, but we do not know the root cause

Hi Joseph,

That does not seem right.  Admittedly, I'm using these resources on an almost daily basis, but in general that's not the behavior for any web site not visited in a while.

What is the warning message?  Maybe that can help us troubleshoot.  I dont think this behavior is widely seen.  

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe

No, it appears as though Reltio is responding with a certificate for the wrong domain. I.e., it's responding with a certificate for these sites instead of the *.reltio.com certificate:

*.pegacea.net

api.biz.play.schoo.jp

lendingstandard.com

at 9:08 ET today:

openssl s_client -connect auth.reltio.com:443 -servername auth.reltio.com -showcerts

CONNECTED(00000006)

depth=2 C = US, O = Amazon, CN = Amazon Root CA 1

verify return:1

depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02

verify return:1

depth=0 CN = *.lendingstandard.com

verify return:1

write W BLOCK

---

Certificate chain

 0 s:/CN=*.lendingstandard.com

   i:/C=US/O=Amazon/CN=Amazon RSA 2048 M02

-----BEGIN CERTIFICATE-----

MIIF6zCCBNOgAwIBAgIQDbQyswiZS0XOcz51Rn80SDANBgkqhkiG9w0BAQsFADA8

...

A few minutes later, Reltio starts responding with the correct certificate:

Yes this is code that I have written to get an auth token and then call the Reltio API, but we do also see it when access the Reltio web portal through the browser.

At 7:55 AM ET, I received a similar certificate warning. It lasted roughly 45 seconds.

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:api.biz.play.schoo.jp, DNS:*.api.biz.play.schoo.jp

well, I understand why you get the error after not using the screen.

When you haven't used the Reltio UI for a while, the auth token can expire.  When you start using Reltio again, the UI automatically knows to try to get a new token. 

The message says that auth.reltio.com is not part of the *.reltio.com domain.   But it is.  This is where my network knowledge ends.....  :-(

At 8:25 AM ET this morning, I received this error when trying to connect to the auth.reltio.com API. The error lasted for about 60 seconds before resolving itself.

When I get more examples of this one, or the other DNS entries, I can post them here.  

Error: Error getting access token Error: Hostname/IP does not match certificate's altnames: Host: auth.reltio.com. is not in the cert's altnames: DNS:*.pegacea.net

My teammate also receives the same errors from his laptop, but we do not know the root cause

Hi Joseph,

That does not seem right.  Admittedly, I'm using these resources on an almost daily basis, but in general that's not the behavior for any web site not visited in a while.

What is the warning message?  Maybe that can help us troubleshoot.  I dont think this behavior is widely seen.  

I often get certificate warnings when accessing Reltio. Depending on the environment, it may take a couple of minutes (without timing it) for the certificate warnings to go away. This includes the Reltio website, Reltio entities API, and the Reltio auth API in particular.

The warnings cycle through a long list of different DNS entries before the issue resolves itself on its own.

Does Reltio go to sleep when not in use, and then need to deploy? Just curious why this may happen

Thanks!

Joseph Hoppe