rod
Contributor

tSetKeystore + tRest - HTTPS hostname wrong: should be <servername>

 

We are doing a REST call to a server with SSL in a job we originally built in 5.4 but it's now in 6.4. The SSL certificate only has one name in it (an FQDN accessible externally), and we need to access the server via another name. We can't change the certificate and need to accept this certificate.

We use tSetKeyStore to load the keys that we are using - and then a tRest component to make the request.

 


 

Note: "Check server identity" is not checked.


   

Exception in component tREST_1 (test)
com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS hostname wrong: should be <servername>
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
at com.sun.jersey.api.client.Client.handle(Client.java:616)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559)
...

 

If I check "Check server identity" it seems to work successfully. Any clue here why "check server identity" = true would fail when the servername is different?

Anonymous
Not applicable

Hello,

It looks like an issue with the DefaultHostnameVerifier.

In tSetKeystore component, the "Check server identity" option is used to make the Job verify the match between the hostname of the URL and the hostname of the server. If they mismatch, the verification mechanism asks whether this connection should be allowed.

 

Best regards

Sabrina

 

 
rod
Contributor
Author

 

Looking at this again it doesn't seem to be the DefaultHostnameVerifier - it seems between 5.6 & 6.4/6.5 the behaviour reversed.  It used to add this code when the checkbox was not selected, now it adds it when it is selected (which is by default).

 

I'm going to change mine to use "Check server identity" when I don't want it to, but do you think this might change back in the future?

 

System.setProperty("java.protocol.handler.pkgs",
        "com.sun.net.ssl.internal.www.protocol");
// Hostname verifier that accepts any hostname, so a name mismatch is never rejected.
javax.net.ssl.HttpsURLConnection
        .setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
            public boolean verify(String hostName,
                    javax.net.ssl.SSLSession session) {
                return true;
            }
        });
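
A narrower alternative to the return-true verifier quoted above, as an added example that is not part of the original thread or of Talend's generated code: it accepts one alias hostname only, and only when the certificate presented carries the expected FQDN. The class name and both hostnames are placeholders chosen for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

/** Hypothetical verifier: allows one known alias when the certificate names the expected FQDN. */
public class AliasHostnameVerifier implements HostnameVerifier {
    private final String alias;     // name used in the request URL (placeholder)
    private final String certName;  // the single FQDN in the certificate (placeholder)

    public AliasHostnameVerifier(String alias, String certName) {
        this.alias = alias;
        this.certName = certName;
    }

    @Override
    public boolean verify(String hostName, SSLSession session) {
        // HttpsURLConnection calls this only after its own name check failed,
        // so every host other than the known alias stays rejected.
        if (!alias.equalsIgnoreCase(hostName)) return false;
        try {
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            return hasName(cert, certName);
        } catch (Exception e) {
            return false; // no peer certificate or unparsable name: fail closed
        }
    }

    static boolean hasName(X509Certificate cert, String expected) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) { // SAN type 2 is dNSName
                if (Integer.valueOf(2).equals(san.get(0))
                        && expected.equalsIgnoreCase((String) san.get(1))) return true;
            }
        }
        // Otherwise compare the subject CN (exact match, no wildcard handling).
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())
                    && expected.equalsIgnoreCase(rdn.getValue().toString())) return true;
        }
        return false;
    }

    public static void main(String[] args) { // constructed placeholder hostnames
        HttpsURLConnection.setDefaultHostnameVerifier(
                new AliasHostnameVerifier("internal-alias.example", "public-name.example.com"));
    }
}
```

The certificate chain is still validated against the truststore before this verifier is consulted, so only the name comparison is relaxed, and only for the one alias.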