In Nexus Hybrid Access Gateway 5.13.3, the Java version shipped with the release is updated to 1.8.0 u202. As a result, Hybrid Access Gateway now supports endpoint identification during secure interactions with the user storage. This allows Hybrid Access Gateway to validate the fully qualified domain name (FQDN) specified in Hybrid Access Gateway against the FQDN in the certificate.
If your certificate is not compliant with these checks, you will see the following log messages in the system logs:
Example: log messages in system logs
2019-09-11 10:57:00 WARNING "SSL Handshake failed! Certificate problems, 128-160.yourdomain.com:636"
2019-09-11 10:57:00 WARNING "Could not connect to user storage Local on ldaps://128-160.yourdomain.com:636"
2019-09-11 10:57:00 WARNING "LDAP search failed, javax.naming.CommunicationException,128-160.yourdomain.com:636 base , filter (objectclass=*), scope 0"
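To triage these warnings, the following added example (not Nexus code) extracts the failing user storage from the log and checks whether the FQDN it uses is covered by the certificate's subjectAltName DNS entries. The SAN lists are constructed sample values that you would read from your own certificate, and the wildcard rule is a simplified RFC 6125-style match that is assumed, not guaranteed, to agree with Java's matcher.

```python
import re

# Constructed input: the WARNING lines shown above, as found in the system log.
SAMPLE_LOG = '''\
2019-09-11 10:57:00 WARNING "SSL Handshake failed! Certificate problems, 128-160.yourdomain.com:636"
2019-09-11 10:57:00 WARNING "Could not connect to user storage Local on ldaps://128-160.yourdomain.com:636"
2019-09-11 10:57:00 WARNING "LDAP search failed, javax.naming.CommunicationException,128-160.yourdomain.com:636 base , filter (objectclass=*), scope 0"
'''

STORAGE_RE = re.compile(
    r'Could not connect to user storage (.+?) on ldaps://([^:/\s"]+):(\d+)')

def failed_storages(log_text):
    """Return (storage name, host, port) for each LDAPS storage that failed."""
    return [(m.group(1), m.group(2).lower(), int(m.group(3)))
            for m in STORAGE_RE.finditer(log_text)]

def name_matches(host, pattern):
    """Exact match, or '*' as the whole left-most label covering one label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        # Reject overly broad patterns such as '*.com'.
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def endpoint_id_ok(host, san_dns_names):
    """True if the configured FQDN is covered by a SAN dNSName entry."""
    return any(name_matches(host, name) for name in san_dns_names)

def report(log_text, sans_by_host):
    """Classify each failing storage: name mismatch, or names match."""
    result = {}
    for name, host, _port in failed_storages(log_text):
        ok = endpoint_id_ok(host, sans_by_host.get(host, []))
        result[name] = "names match" if ok else "name mismatch"
    return result

if __name__ == "__main__":
    # Constructed SAN list: certificate issued for a different host name.
    sans = {"128-160.yourdomain.com": ["ldap.yourdomain.com"]}
    print(report(SAMPLE_LOG, sans))
```

A "names match" result means the FQDN is not the cause, so the trust chain and validity dates of the certificate are the next things to check.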