HTTPS hostname wrong for cas cert


Toby Archer

Aug 17, 2017, 10:31:37 AM
to uPortal Community
I'm at a little bit of a loss on what's wrong here. I have a CAS server running on my local machine and I'm trying to get our dev portal to authenticate against it as a proof of concept. I created a self-signed certificate and imported it into the portal server as needed in order to get it to accept the cert, but now it's throwing out the error message:

ERROR [https-jsse-nio2-443-exec-13] o.j.p.web.ExceptionLoggingFilter 2017-08-17 09:13:21,156 - uPortal: unhandled exception 'java.io.IOException: HTTPS hostname wrong:  should be <192.236.56.165>' for URL
=/uPortal/Login?ticket=ST-2-fHdKcYDzFPkUKCY6FxmP-6a602d90e628, user=null , from IP=192.236.56.165
java.lang.RuntimeException: java.io.IOException: HTTPS hostname wrong:  should be <192.236.56.165>

Which, unless I'm reading wrong, is saying "host name is 192.236.56.165 but should be 192.236.56.165". I've hit an error like this before, but that was because I made the cert to be "localhost" instead of the IP address. Had a similar problem with getting CAS to connect to dev-ldap because the cert was for dev-ldap not dev-ldap.usd.edu. Anyway, I say that to say that I am pretty confident I created the cert correctly (and imported it into cacerts). But never something appears to be wrong. Any ideas? I tried googling it, but mostly that is people saying "you made the cert wrong".

Benito J. Gonzalez

Aug 17, 2017, 11:49:22 AM
to Toby Archer, uPortal Community
Hi Toby,

Did you set up the IP as an alt name?
https://stackoverflow.com/questions/8443081/how-are-ssl-certificate-server-names-resolved-can-i-add-alternative-names-using

-bjagg

--
Benito J. Gonzalez
Senior Software Developer
Unicon, Inc.
Voice: 480.558.2360
Text: 209.777.2754
Email: bgon...@unicon.net
GitHub: bjagg
GitLab: bjagg
BitBucket: bjagg
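
The check behind the alt-name question above, as an added example that is not part of the original thread: under RFC 2818, an HTTPS URL that uses an IP literal is matched only against iPAddress subjectAltName entries, never against the CN or a dNSName entry. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()` and are constructed samples; `check_host` is a hypothetical helper, and wildcard matching is left out.

```python
import ipaddress

def _ip(value):
    """Parse an IP literal; return None for anything that is not one."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def check_host(cert, host):
    """Return (ok, reason) for `host` against a getpeercert()-style dict."""
    sans = cert.get("subjectAltName", ())
    want = _ip(host)
    if want is not None:
        # IP literal: only iPAddress SAN entries count (RFC 2818, section 3.1).
        ip_sans = [_ip(v) for kind, v in sans if kind == "IP Address"]
        if want in ip_sans:
            return True, "matched iPAddress SAN"
        if not ip_sans:
            return False, "no iPAddress SAN (CN and DNS entries are ignored for an IP)"
        return False, "iPAddress SAN present, but for a different address"
    # Host name: dNSName SAN entries win; CN is consulted only when there are none.
    dns = [v.lower() for kind, v in sans if kind == "DNS"]
    if dns:
        ok = host.lower() in dns
        return ok, "matched dNSName SAN" if ok else "no dNSName SAN equals the host"
    cns = [v.lower() for rdn in cert.get("subject", ())
           for key, v in rdn if key == "commonName"]
    ok = host.lower() in cns
    return ok, "matched CN (no dNSName SAN present)" if ok else "CN does not equal the host"

# Constructed sample certificates (not taken from any real server).
IP = "192.236.56.165"
CN_ONLY = {"subject": ((("commonName", IP),),)}
DNS_SAN = {"subject": ((("commonName", IP),),), "subjectAltName": (("DNS", IP),)}
IP_SAN = {"subject": ((("commonName", IP),),), "subjectAltName": (("IP Address", IP),)}
CN_NAME = {"subject": ((("commonName", "dev-ldap.usd.edu"),),)}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("IP in DNS SAN", DNS_SAN),
                        ("IP in iPAddress SAN", IP_SAN)):
        print(f"{label:22} -> {check_host(cert, IP)}")
    print(f"{'short name vs FQDN CN':22} -> {check_host(CN_NAME, 'dev-ldap')}")
```
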

Toby Archer

Aug 17, 2017, 12:56:43 PM
to uPortal Community, sand...@gmail.com
I'll give that a try now. Axel Banderet replied to this, but must have not hit reply all with:
From what I know, a cert must not be with an ip address as host name. Choose a name and map it with 127.0.0.1 in /etc/hosts (Linux) or System32/drivers/etc/hosts (Windows) and it should be ok.

Which makes some sense. I tried patching in with the host file like he suggested, but so many different systems, some of which I don't have access to, are involved in this process. So I couldn't change everything to work via host files. If your idea doesn't work I'm thinking it just means it's time to migrate this from my local machine to a dev server.