When the self-signed certificate is generated, if they put CN=hostname you
have to connect with the same host name or it will not match. If you are
using the IP to connect, for example, it will not match. The easiest way to
fix this is to create a local DNS entry on your client with the host name
that matches the CN in the certificate. Someone out there may have a
better programmatic way to configure SSL to handle this scenario, but I
know that what I gave you here does work to get around it.




On Sun, Mar 23, 2014 at 9:38 PM, Guzmán Llambías <
[email protected]> wrote:

> Hi guys!
>
> any idea about this?
>
> regards
> Guzmán
>
> -----Original Message----- From: Guzmán Llambías
> Sent: Thursday, March 20, 2014 8:50 PM
> To: [email protected]
> Subject: The https URL hostname does not match the Common Name (CN) on the
> server certificate
>
> Hi guys!
>
> I'm trying to consume a service using https with a selfsigned certificate.
> I added to my client this code to bypass the hostName verification with the
> CN:
>
> javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
>     new javax.net.ssl.HostnameVerifier() {
>         public boolean verify(String hostname,
>                               javax.net.ssl.SSLSession sslSession) {
>             if (hostname.equals("localhost")) {
>                 return true;
>             }
>             return false;
>         }
>     });
>
> but the following error occurs:
>
> "The https URL hostname does not match the Common Name (CN) on the server
> certificate. To disable this check (NOT recommended for production) set the
> CXF client TLS configuration property "disableCNCheck" to true."
>
> I set disableCNCheck to false and it worked, but if I remove the
> DefaultHostNameVerifier the following error occurs:
>
> "Caused by: java.security.cert.CertificateException: No name matching
> localhost found"
>
> Please, can anyone explain to me the difference between both validations,
> errors and why I have to put both if they seem to have the same behaviour?
>
> thanks in advance
> Regards
> Guzmán
>
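
An added example, not part of the original thread and not CXF or JDK code: a simplified Java sketch of the RFC 2818 name-matching rule behind the mismatch described in the reply at the top, where an IP literal is compared only with iPAddress SAN entries and the CN is consulted only when the certificate has no dNSName SAN. The class CertNameCheck, its helpers, the host myhost and the address 192.0.2.10 are constructed for illustration, wildcard names are not handled, and the sans argument has the shape returned by X509Certificate.getSubjectAlternativeNames().

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration (hypothetical class); simplified RFC 2818 matching, no wildcards.
public class CertNameCheck {
    // Entry types used by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    // Pull the CN out of a subject DN such as "CN=myhost,O=Example".
    static String commonName(String subjectDn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        return null;
    }

    // Crude literal test (assumption: dotted IPv4, or anything with ':' is IPv6).
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // sans: list of [type, value] pairs, or null when the certificate has no SAN extension.
    static boolean matches(String host, String subjectDn, Collection<List<?>> sans)
            throws InvalidNameException {
        boolean ip = isIpLiteral(host), sawDnsSan = false;
        if (sans != null) for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if (type == DNS_NAME) sawDnsSan = true;
            if (ip && type == IP_ADDRESS && host.equals(san.get(1))) return true;
            if (!ip && type == DNS_NAME && host.equalsIgnoreCase((String) san.get(1))) return true;
        }
        // The CN is a fallback for DNS names only, and only when no dNSName SAN exists.
        return !ip && !sawDnsSan && host.equalsIgnoreCase(commonName(subjectDn));
    }

    public static void main(String[] args) throws Exception {
        String dn = "CN=myhost,O=Example";                    // constructed sample subject
        Collection<List<?>> sans = Arrays.<List<?>>asList(    // constructed sample SANs
                Arrays.asList(DNS_NAME, "myhost"), Arrays.asList(IP_ADDRESS, "192.0.2.10"));
        System.out.println(matches("myhost", dn, null));      // host equals the CN, no SAN
        System.out.println(matches("192.0.2.10", dn, null));  // IP literal, CN-only certificate
        System.out.println(matches("localhost", dn, null));   // name absent from the certificate
        System.out.println(matches("192.0.2.10", dn, sans));  // IP literal, iPAddress SAN present
    }
}
```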
