Hi,

You can specify certAlias name in
</http:tlsClientParameters>
Something like
<sec:certAlias>what_ever_suitable</sec:certAlias>

Hopefully this is what you are looking for.

Cheers
Freeman

On Tue, Sep 21, 2021 at 9:50 AM Tóth Csaba <[email protected]> wrote:

> Hello!
>
> For a webservice client (over https), the server sent certificate has
> wrong "name", but it has a good "alternative name".
>
> I got javax.net.ssl.SSLHandshakeException: SSLHandshakeException.
>
> I have very basic conduit settings:
>
> <http:conduit name="url*">
>     <http:tlsClientParameters>
>         <sec:keyManagers keyPassword="">
>             <sec:keyStore password="" resource="" type="JKS"/>
>         </sec:keyManagers>
>         <sec:trustManagers>
>             <sec:keyStore password="" resource="" type="JKS"/>
>         </sec:trustManagers>
>         <sec:cipherSuitesFilter>
>             <!-- these filters ensure that a ciphersuite with
>             export-suitable or null encryption is used, but exclude anonymous
>             Diffie-Hellman key change as this is vulnerable to man-in-the-middle
>             attacks -->
>             <sec:include>.*_EXPORT_.*</sec:include>
>             <sec:include>.*_EXPORT1024_.*</sec:include>
>             <sec:include>.*_WITH_DES_.*</sec:include>
>             <sec:include>.*_WITH_AES_.*</sec:include>
>             <sec:include>.*_WITH_NULL_.*</sec:include>
>             <sec:exclude>.*_DH_anon_.*</sec:exclude>
>         </sec:cipherSuitesFilter>
>     </http:tlsClientParameters>
> </http:conduit>
>
> (with other https endpoints it's working)
>
> How can I set it up to check the "alternative name" too, and not only the
> "name"?
>
> Thanx
>
> Csaba
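
Added example, not part of the thread and not CXF code: a small Java check for the name-matching question above, following the RFC 6125 rule that an HTTPS client compares the hostname against the certificate's dNSName subjectAltName entries and consults the subject CN only when no such entry exists. The class and method names are hypothetical and the sample names are constructed; wildcard handling is limited to a complete leftmost label.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

/** Hypothetical helper (not part of CXF): shows which certificate names a hostname is checked against. */
public class SanCheck {
    /** Collects the dNSName entries (GeneralName type 2) from the subjectAltName extension. */
    static List<String> dnsSans(X509Certificate cert) throws CertificateParsingException {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans != null) {
            for (List<?> entry : sans) {
                if (Integer.valueOf(2).equals(entry.get(0))) {
                    names.add((String) entry.get(1));
                }
            }
        }
        return names;
    }

    /** Case-insensitive match; "*" is accepted only as the whole leftmost label and covers one label. */
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    /** If any dNSName SAN exists, only the SANs are consulted; the CN is a fallback otherwise. */
    static boolean hostnameOk(String host, List<String> dnsSans, String commonName) {
        if (!dnsSans.isEmpty()) {
            return dnsSans.stream().anyMatch(san -> matches(san, host));
        }
        return commonName != null && matches(commonName, host);
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the thread.
        List<String> sans = List.of("api.example.test", "*.svc.example.test");
        System.out.println(hostnameOk("api.example.test", sans, "wrong-name"));     // exact SAN entry
        System.out.println(hostnameOk("a.b.svc.example.test", sans, "wrong-name")); // wildcard, two extra labels
        System.out.println(hostnameOk("wrong-name", sans, "wrong-name"));           // CN equal, SANs present
    }
}
```

To diagnose a failing handshake, pass the server's leaf certificate to `dnsSans()` and compare the result with the exact host part of the URL the conduit connects to.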
