Reputation: 21
SSL CA name mismatch
I a new to this ssl handshaking but I am having a linux server when i am curling a https end point I am getting the response(ssl verification is done) however when i am connecting via java it fails with the following error
Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname>
at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:573)
i am using java version 8
Upvotes: 0
Views: 1310
Answers (1)
Reputation: 766
When you access your HTTPS server from curl - it also performs server identity check. Java HTTPS client does similar check. The hostname in the URL of HTTPS server must be identical to HTTPS server's certificate CN RDN of the Subject attribute or DNS name of SubjectAlternativeName (SAN) extension.
I found some info here.
Example for the URL https://mycompany.com
Good certificate: CN=mycompany.com or SAN DNS=mycompany.com
Bad certificate: CN=aaa.bbb.mycompany.com
Upvotes: 1
Related Questions
- How to fix the "java.security.cert.CertificateException: No subject alternative names present" error?
- Java SSLException: hostname in certificate didn't match
- Subject Alternative Name must have scheme to be working in java?
- SSL Cerficate - No subject alternative names present
- SSL Bad Certificate error
- Java HTTPS connection with SSL certificate Error
- Hostname in certificate didn't match?
- certificate_unknown exception in ssl
- Getting ssl exception inspite of both certificates are issued by verified CA's?
- JVM to ignore certificate name mismatch