How to disable SSL hostname checker?

[steven....@gmail.com]

Hi

I just upgraded to 4.2.1 from 4.1.0, https from proxy to backend service stop working due to following errors:

Caused by: java.security.cert.CertificateException: No name matching test-service found
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)

the "test-service" is a hostname in /etc/hosts.

proxy and backend service share the same keystore which is self-generated.

Is there a way to disable the check? or any other way as a workaround?  

since I need make it work in a dev/lab environment.

I also tried using the ip address instead of "test-service", did not work, I got error:

 

java.security.cert.CertificateException: No subject alternative names

Any help would be appreciated.

Thanks in advance.

Steven.

[Tobias Polley]

Hi Steven,

please try

<serviceProxy>
    <target>
        <ssl endpointIdentificationAlgorithm="">
            ...
        </ssl>
    </target>
</serviceProxy>

Best, Tobias

[steven....@gmail.com]

Thanks a lot, it work fine.