Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
We are doing a rest call to a server with SSL in a job we originally built in 5.4 but it's now in 6.4. The SSL certificate only has one name in it (an FQDN accessible externally), and we need to access the server via another name. We can't change the certificate and need to accept this certificate.
We use tSetKeyStore to load the keys that we are using - and then a tRest component to make the request.
Note: "Check server identity" is not checked.
Exception in component tREST_1 (test)
com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS hostname wrong: should be <servername>
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
at com.sun.jersey.api.client.Client.handle(Client.java:616)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559)
...
If I check the "Check server identity" it seems to work successfully. Any clue here why "check server identity" = true would fail when the servername is different?
Hello,
It looks like an issue with the DefaultHostnameVerifier.
In tSetKeystore component, the "Check server identity" option is used to make the Job verify the match between the hostname of the URL and the hostname of the server. If they mismatch, the verification mechanism asks whether this connection should be allowed.
Best regards
Sabrina
Looking at this again it doesn't seem to be the DefaultHostnameVerifier - it seems between 5.6 & 6.4/6.5 the behaviour reversed. It used to add this code when the checkbox was not selected, now it adds it when it is selected (which is by default).
I'm going to change mine to use "Check server identity" when I don't want it to, but do you think this might change back in the future?
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); javax.net.ssl.HttpsURLConnection .setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() { public boolean verify(String hostName, javax.net.ssl.SSLSession session) { return true; } });