Posted to users@tomcat.apache.org by AngeloChen <an...@gmail.com> on 2011/07/18 11:44:27 UTC
ssl and host name not match
Hi,
I got a virtual host:
<Host name="www.sample.com" appBase="sampleapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false" >
<Alias>sample.com</Alias>
...
For some reason, the JKS in Tomcat is for sample.com. When calling this
server with httpclient, it always gets:
javax.net.ssl.SSLException: hostname in certificate didn't match:
<www.sample.com> != <sample.com>
even though there is an alias sample.com.
Any fix for this? Thanks,
Angelo
--
View this message in context: http://old.nabble.com/ssl-and-host-name-not-match-tp32081887p32081887.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: ssl and host name not match
Posted by AngeloChen <an...@gmail.com>.
I opted for #3 and it works, thanks.
awarnier wrote:
>
> AngeloChen wrote:
>> Hi,
>>
>> I got a virtual host:
>>
>> <Host name="www.sample.com" appBase="sampleapps"
>> unpackWARs="true" autoDeploy="true"
>> xmlValidation="false" xmlNamespaceAware="false" >
>> <Alias>sample.com</Alias>
>> ...
>>
>> For some reason, the JKS in Tomcat is for sample.com. When calling this
>> server with httpclient, it always gets:
>>
>> javax.net.ssl.SSLException: hostname in certificate didn't match:
>> <www.sample.com> != <sample.com>
>>
>> even though there is an alias sample.com.
>>
>> Any fix for this? Thanks,
>>
> There is no "fix" for this, because it is not a problem. The client and the server are
> working the way they should:
> - the client connects to a server, thinking it is "www.sample.com"
> - the server returns a certificate for the host "sample.com"
> - the client sees that the certificate is not for the host that it requested, so it gives
> an error.
> The <Alias> in your configuration is just a way for Tomcat to handle the request with the
> corresponding virtual host. But it does not change the content of the certificate.
>
> There are different ways to avoid the error:
> a) have the client connect to "sample.com" instead. Because of the Alias, the Tomcat
> virtual host will be the same, and it will return a certificate for "sample.com", so the
> client will be happy too.
> b) use a wildcard certificate for "*.sample.com"
> c) change the certificate to be for "www.sample.com"
> ...
Re: ssl and host name not match
Posted by André Warnier <aw...@ice-sa.com>.
AngeloChen wrote:
> Hi,
>
> I got a virtual host:
>
> <Host name="www.sample.com" appBase="sampleapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false" >
> <Alias>sample.com</Alias>
> ...
>
> For some reason, the JKS in Tomcat is for sample.com. When calling this
> server with httpclient, it always gets:
>
> javax.net.ssl.SSLException: hostname in certificate didn't match:
> <www.sample.com> != <sample.com>
>
> even though there is an alias sample.com.
>
> Any fix for this? Thanks,
>
There is no "fix" for this, because it is not a problem. The client and the server are
working the way they should:
- the client connects to a server, thinking it is "www.sample.com"
- the server returns a certificate for the host "sample.com"
- the client sees that the certificate is not for the host that it requested, so it gives
an error.
The <Alias> in your configuration is just a way for Tomcat to handle the request with the
corresponding virtual host. But it does not change the content of the certificate.
There are different ways to avoid the error:
a) have the client connect to "sample.com" instead. Because of the Alias, the Tomcat
virtual host will be the same, and it will return a certificate for "sample.com", so the
client will be happy too.
b) use a wildcard certificate for "*.sample.com"
c) change the certificate to be for "www.sample.com"
...
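The name check behind the SSLException in this thread, as an added example that is not part of the original messages and is not HttpClient's or Tomcat's code: a simplified RFC 6125-style matcher (DNS names only, whole-label wildcard in the leftmost position) applied to constructed certificate name lists for the options discussed above. The function names and the `CERTS` table are hypothetical.

```python
# Added example: simplified RFC 6125-style hostname check (DNS names only).
# The certificate name lists are constructed samples, not read from a real keystore.

def name_matches(cert_name: str, hostname: str) -> bool:
    """True if one DNS name from a certificate covers the requested hostname."""
    c = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(c) != len(h) or not all(h):
        return False  # a name never covers a host with more or fewer labels
    if c[0] == "*":
        # Whole-label wildcard, leftmost position only, and never "*.com".
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


# Constructed certificates, one per situation discussed in the thread.
CERTS = {
    "original (sample.com only)": ["sample.com"],
    "wildcard": ["*.sample.com"],
    "reissued for www": ["www.sample.com"],
    "both names listed": ["sample.com", "www.sample.com"],
}


def coverage_table():
    """Map (certificate label, hostname) to the verification result."""
    hosts = ["sample.com", "www.sample.com"]
    return {(label, host): cert_covers(names, host)
            for label, names in CERTS.items() for host in hosts}


if __name__ == "__main__":
    for (label, host), ok in coverage_table().items():
        print(f"{label:28} {host:16} {'match' if ok else 'MISMATCH'}")
```

The wildcard and the www-only certificates both leave the bare "sample.com" alias failing verification; only a certificate that lists both names covers the Host name and the Alias at once.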