5 Replies Latest reply on Apr 1, 2014 7:46 AM by Erdinç GÜZEL

    JBoss 7.2 exception The https URL hostname does not match the Common Name (CN) on the server certificate.

    Indira Akundi Newbie

      I am seeing this exception when a ws client is trying to connect to a https service.

       

      Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate. 
      To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.

       

      I have tried the following one at a time, and all together.  And the error persists.

      It is true that the service URL has an ip address whereas the ssl cert has the hostname.

      But for pre-production testing, it should be possible to turn this check off.

       

      In the client call:

      System.setProperty("org.jboss.security.ignoreHttpsHost", "true");

       

      In standalone.conf:

      JAVA_OPTS="$JAVA_OPTS -Dorg.jboss.security.ignoreHttpsHost=true"
      JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"

       

      In the client call:

      HTTPConduit conduit = (HTTPConduit) clientProxy.getConduit();
      TLSClientParameters tlsParams = new TLSClientParameters();
      tlsParams.setTrustManagers(simpleTrustManager);
      tlsParams.setDisableCNCheck(true);          
      conduit.setTlsClientParameters(tlsParams);

       

      Also tried setting these:
      tlsParams.setSecureSocketProtocol("SSL");
      tlsParams.setSecureSocketProtocol("SSLv3");

       

      Tried this where hostnameVerifier always returns true:
      HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

       

      ssl debug trace indictates that the server cert is found in the client keystore but the connection is getting invalidated because of the above exception.

       

      jboss-deployment-structure has 2 dependencies:

      <module name="org.apache.ws.security" export="true" /> 

         <module name="org.jboss.ws.cxf.jbossws-cxf-client" export="true" services="true" />

       

      Is there any configuration I am missing.  I am using 7.2 built from source from GitHub with no other changes.