JustBeingHelpful

Reputation: 18980

How to get the same hostname that Java gets in this exception

Below is an exception that gets thrown by Java when checking the hostname for a certificate stored in a keystore. I believe it's checking a JKS formatted keystore. I'd like to write a very simple Java program to get the hostname as Java gets the hostname in this exception.

What line of code would get the hostname in Java so it's equivalent to this exception?

http://java.globinch.com/enterprise-java/security/fix-java-security-certificate-exception-no-matching-localhost-found/

Specific exception:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching shr-test.hosp.org found : com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching shr-test.hosp.org found
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
    at com.sun.jersey.api.client.Client.handle(Client.java:652)
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:560)
    at net.shrine.client.JerseyHttpClient.post(JerseyHttpClient.scala:63)
    at net.shrine.client.Poster.post(Poster.scala:10)
    at net.shrine.adapter.client.RemoteAdapterClient$$anonfun$query$2$$anonfun$apply$1.apply(RemoteAdapterClient.scala:56)
    at net.shrine.adapter.client.RemoteAdapterClient$$anonfun$query$2$$anonfun$apply$1.apply(RemoteAdapterClient.scala:54)
    at scala.concurrent.impl.ExecutionContextImpl$DefaultThreadFactory$$anon$2$$anon$4.block(ExecutionContextImpl.scala:48)
    at scala.concurrent.forkjoin.ForkJoinPool.managedBlock(ForkJoinPool.java:3640)
    at scala.concurrent.impl.ExecutionContextImpl$DefaultThreadFactory$$anon$2.blockOn(ExecutionContextImpl.scala:45)
    at scala.concurrent.package$.blocking(package.scala:54)
    at net.shrine.adapter.client.RemoteAdapterClient$$anonfun$query$2.apply(RemoteAdapterClient.scala:54)
    at net.shrine.adapter.client.RemoteAdapterClient$$anonfun$query$2.apply(RemoteAdapterClient.scala:54)
    at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
    at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
    at scala.concurrent.impl.ExecutionContextImpl$AdaptedForkJoinTask.exec(ExecutionContextImpl.scala:121)
    at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
    at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
    at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
    at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching shr-test.hosp.org found
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler$1$1.getOutputStream(URLConnectionClientHandler.java:238)
    at com.sun.jersey.api.client.CommittingOutputStream.commitStream(CommittingOutputStream.java:117)
    at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    at com.sun.jersey.core.util.ReaderWriter.writeToAsString(ReaderWriter.java:191)
    at com.sun.jersey.core.provider.AbstractMessageReaderWriterProvider.writeToAsString(AbstractMessageReaderWriterProvider.java:128)
    at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:88)
    at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:58)
    at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
    ... 21 more
Caused by: java.security.cert.CertificateException: No name matching shr-test.hosp.org found
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:208)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 48 more

The reason I ask is because my operating system has two different hostname values. A system hostname and a VServer hostname. I'm able to control the system hostname with a hierarchy of configuration. And they are in fact different. And in order for the certificate to match what Java is seeing, I need to avoid this exception and have them match.

See this question for reference:

https://serverfault.com/questions/793689/getting-hostname-on-centos-6-6-from-command-line

and this...

https://serverfault.com/questions/793689/getting-hostname-on-centos-6-6-from-command-line

Upvotes: 0

Views: 1800

Answers (1)

JustBeingHelpful

Reputation: 18980

I had typed my name in the CN (Common Name) field. So when it did the JKS keystore lookup, it found "MacGyver" and not the CNAME.

The root cause is a software bug when creating a non-third party (aka self-signed SSL certificate using a custom CA) keystore. One of the prompts asks "What is your first and last name?", when it should be asking "What is the Common Name of the certificate?" When finished, and you run the keytool -list command on the keystore, this value gets put into the "CN" field. See below for the incorrect value entered, and notice the "CN" value when finished. Just be careful with this.

keytool -genkey -keyalg RSA -alias shrine-snow -keystore shrine.keystore -storepass XXXXX! -validity 360 -keysize 2048

What is your first and last name?
  [Unknown]:  Angus MacGyver
What is the name of your organizational unit?
  [Unknown]:  Criminal Investigation
What is the name of your organization?
  [Unknown]:  Phoenix Foundation
What is the name of your City or Locality?
  [Unknown]:  Madison
What is the name of your State or Province?
  [Unknown]:  Wisconsin
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Angus MacGyver, OU=Criminal Investigation, O=Phoenix Foundation, L=Madison, ST=Wisconsin, C=US correct?
  [no]:  yes

Enter key password for <selfsigned>
        (RETURN if same as keystore password):XXXXX!
Re-enter new password:XXXXX!

You can check the contents of the store using this:

keytool -v -list -keystore shrine.keystore

Upvotes: 1
