On 29/07/2025 10:47, Pooja Sharma wrote:
Hi Team,
After upgrading to Apache Tomcat 10.1.43, we are facing an issue with our
production setup.
Our Tomcat instances run behind an F5 Load Balancer, which is responsible for
SSL termination. The issue is:
Problem:
When accessing our internal URLs without the .esri.com domain, such as:
https://psqadashboard/PSProductsRegressionDashboard/
https://psqadashboardha/PSProductsRegressionDashboard/
— we get this error in all major browsers:
"Your connection is not private"
(ERR_CERT_COMMON_NAME_INVALID)
However, the same Tomcat apps work perfectly with full domain URLs:
https://psqadashboard.esri.com/PSProductsRegressionDashboard/
This exact configuration worked fine on previous Tomcat versions (Tomcat
10.1.36 ).
Confirmed:
* SSL cert is valid and correctly served by F5.
* No changes in F5 or cert config.
* Issue appears only after Tomcat 10.1.43 upgrade.
* All development servers (same setup) still work even with internal
shortnames.
Questions:
1. Did Tomcat 10.1.43 introduce stricter hostname verification?
2. Is this a known issue or regression?
3. Any recommended workaround to allow short internal hostnames again?
Any feedback or guidance is appreciated.
That is an TLS error. Tomcat isn't terminating your TLS, the F5 is. That
means what you are seeing is nothing to do with Tomcat and probably an
issue with your F5 configuration and/or certificate.
It looks like the certificate is missing a SAN entries for
psqadashboard, psqadashboardha and similar.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
