https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288503#M61985 <P>&nbsp;</P> <P>We are doing a rest call to a server with SSL in a job we originally built in 5.4 but it's now in 6.4.&nbsp; The SSL certificate only has&nbsp;one name in it (an FQDN accessible externally), and we need to access the server via another name.&nbsp; We can't change the certificate and need to accept this certificate.&nbsp;</P> <P>We use tSetKeyStore to load the keys that we are using - and then a tRest component to make the request.</P> <P>&nbsp;</P> <P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-04-19 at 1.37.35 PM.png" style="width: 261px;"><span class="lia-inline-image-display-wrapper" image-alt="0683p000009LwoQ.png"><img src="https://community.qlik.com/t5/image/serverpage/image-id/152314i1E5327AEB12636A1/image-size/large?v=v2&amp;px=999" role="button" title="0683p000009LwoQ.png" alt="0683p000009LwoQ.png" /></span></SPAN></P> <P>&nbsp;</P> <P>Note: "Check server identity" is not checked.</P> <P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-04-19 at 5.28.04 PM.png" style="width: 999px;"><span class="lia-inline-image-display-wrapper" image-alt="0683p000009Lwas.png"><img src="https://community.qlik.com/t5/image/serverpage/image-id/146636iBBC2C1002D5D030F/image-size/large?v=v2&amp;px=999" role="button" title="0683p000009Lwas.png" alt="0683p000009Lwas.png" /></span></SPAN></P> <P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-04-19 at 5.31.17 PM.png" style="width: 999px;"><span class="lia-inline-image-display-wrapper" image-alt="0683p000009LwtT.png"><img src="https://community.qlik.com/t5/image/serverpage/image-id/141702iD34A10495DCE86A6/image-size/large?v=v2&amp;px=999" role="button" title="0683p000009LwtT.png" alt="0683p000009LwtT.png" /></span></SPAN></P> <P>&nbsp;&nbsp;&nbsp;</P> <P>Exception in component tREST_1 (test)<BR />com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS hostname wrong: should be &lt;servername&gt;<BR />at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)<BR />at com.sun.jersey.api.client.Client.handle(Client.java:616)<BR />at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559)<BR />...</P> <P>&nbsp;</P> <P>If I check the "<SPAN>Check server identity" it seems to work successfully.&nbsp; &nbsp;Any clue here why "check server identity" = true would fail when the servername is different?</SPAN></P> Sat, 16 Nov 2024 08:22:33 GMT rod 2024-11-16T08:22:33Z https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288503#M61985 <P>&nbsp;</P> <P>We are doing a rest call to a server with SSL in a job we originally built in 5.4 but it's now in 6.4.&nbsp; The SSL certificate only has&nbsp;one name in it (an FQDN accessible externally), and we need to access the server via another name.&nbsp; We can't change the certificate and need to accept this certificate.&nbsp;</P> <P>We use tSetKeyStore to load the keys that we are using - and then a tRest component to make the request.</P> <P>&nbsp;</P> <P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-04-19 at 1.37.35 PM.png" style="width: 261px;"><span class="lia-inline-image-display-wrapper" image-alt="0683p000009LwoQ.png"><img src="https://community.qlik.com/t5/image/serverpage/image-id/152314i1E5327AEB12636A1/image-size/large?v=v2&amp;px=999" role="button" title="0683p000009LwoQ.png" alt="0683p000009LwoQ.png" /></span></SPAN></P> <P>&nbsp;</P> <P>Note: "Check server identity" is not checked.</P> <P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-04-19 at 5.28.04 PM.png" style="width: 999px;"><span class="lia-inline-image-display-wrapper" image-alt="0683p000009Lwas.png"><img src="https://community.qlik.com/t5/image/serverpage/image-id/146636iBBC2C1002D5D030F/image-size/large?v=v2&amp;px=999" role="button" title="0683p000009Lwas.png" alt="0683p000009Lwas.png" /></span></SPAN></P> <P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-04-19 at 5.31.17 PM.png" style="width: 999px;"><span class="lia-inline-image-display-wrapper" image-alt="0683p000009LwtT.png"><img src="https://community.qlik.com/t5/image/serverpage/image-id/141702iD34A10495DCE86A6/image-size/large?v=v2&amp;px=999" role="button" title="0683p000009LwtT.png" alt="0683p000009LwtT.png" /></span></SPAN></P> <P>&nbsp;&nbsp;&nbsp;</P> <P>Exception in component tREST_1 (test)<BR />com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS hostname wrong: should be &lt;servername&gt;<BR />at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)<BR />at com.sun.jersey.api.client.Client.handle(Client.java:616)<BR />at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559)<BR />...</P> <P>&nbsp;</P> <P>If I check the "<SPAN>Check server identity" it seems to work successfully.&nbsp; &nbsp;Any clue here why "check server identity" = true would fail when the servername is different?</SPAN></P> Sat, 16 Nov 2024 08:22:33 GMT https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288503#M61985 rod 2024-11-16T08:22:33Z https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288504#M61986 <P>Hello,</P> <P>It looks like an issue with the DefaultHostnameVerifier.</P> <P>In tSetKeystore component, the "<SPAN class="ph uicontrol">Check server identity"</SPAN> option is used to make the Job verify the match between the hostname of the URL and the hostname of the server. If they mismatch, the verification mechanism asks whether this connection should be allowed.</P> <P>&nbsp;</P> <P>Best regards</P> <P>Sabrina</P> <P>&nbsp;</P> <DIV id="tSetKeystore" class="nested0"> &nbsp; </DIV> Fri, 04 May 2018 09:36:02 GMT https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288504#M61986 Anonymous 2018-05-04T09:36:02Z https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288505#M61987 <P>&nbsp;</P> <P>Looking at this again it doesn't seem to be the DefaultHostnameVerifier - it seems between 5.6 &amp; 6.4/6.5 the behaviour reversed.&nbsp; It used to add this code when the checkbox was not selected, now it adds it when it&nbsp;is selected (which is by default).</P> <P>&nbsp;</P> <P>I'm going to change mine to use "Check server identity" when I don't want it to, but&nbsp;do you think this might&nbsp;change back in the future?</P> <P>&nbsp;</P> <PRE>System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); javax.net.ssl.HttpsURLConnection .setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() { public boolean verify(String hostName, javax.net.ssl.SSLSession session) { return true; } });</PRE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 11 Jun 2018 16:55:31 GMT https://community.qlik.com/t5/Talend-Studio/tSetKeystore-tRest-HTTPS-hostname-wrong-should-be-lt-servername/m-p/2288505#M61987 rod 2018-06-11T16:55:31Z