Here's my error:
java.security.cert.CertificateException: No subject alternative DNS name matching <servername> found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <servername> found.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_45]
...more...
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching <servername> found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:191) ~[na:1.7.0_45]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.7.0_45]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347) ~[na:1.7.0_45]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203) ~[na:1.7.0_45]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[na:1.7.0_45]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) ~[na:1.7.0_45]
I understand that this is due to the cert CN not matching the host name.
My situation is the following: we are trying to load balance on two CAS servers: cas1 and cas2. We have an ssl cert signed for the virtual host, <whatever>.
domain.edu, which is placed on each of our cas servers. When Shib redirects to CAS, <whatever>.
domain.edu, I get the login page and submit it, then I go back to Shib and get an error. In the shib logs is the above stacktrace. I've checked the cas.properties on each server and all looks good (set to the virtual host). I'm running CAS 3.4.12 and CAS client 3.2.1.
Any recommendations around this issue? Thanks!
Brad Rippe
IT Project Leader
--
You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user