AngeloChen wrote:
Hi,
I got a virtual host:
<Host name="www.sample.com" appBase="sampleapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false" >
<Alias>sample.com</Alias>
...
for some reason, the jks in the tomcat is for sample.com, when calling this
server with httpclient, it always get:
javax.net.ssl.SSLException: hostname in certificate didn't match:
<www.sample.com> != <sample.com>
even there is an alias sample.com.
any fix on this? Thanks,
There is no "fix" for this, because it is not a problem. The client and the server are
working the way they should :
- the client connects to a server, thinking it is "www.sample.com"
- the server returns a certificate for the host "sample.com"
- the client sees that the certificate is not for the host that it requested, so it gives
an error.
The <Alias> in your configuration is just a way for Tomcat to handle the request with the
corresponding virtual host. But it does not change the content of the certificate.
There are different ways to avoid the error :
a) have the client connect to "sample.com" instead. Because of the Alias, the Tomcat
virtual host will be the same, and it will return a certficate for "sample.com", so the
client will be happy too.
b) use a wildcard certificate for "*.sample.com"
c) change the certificate to be for "www.sample.com"
...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
