Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

using ssl against bad certificates.

0 views
Skip to first unread message

steven

unread,
Nov 13, 2001, 11:06:24 AM11/13/01
to

java.io.IOException: Certificate SubjectDN CommonName received does not match server
hostname
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:454)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:265)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:212)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:85)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:143)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:67)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:47)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:311)
at java.net.URL.openStream(URL.java:798)

This is what I am trying:
System.setProperty( "java.protocol.handler.pkgs",
"weblogic.net|weblogic.management|weblogic.net|weblogic.utils");

System.setProperty( "weblogic.security.SSL.hostnameVerifier",
"com.prescient.pfs.common.system.NulledHostnameVerifier");

System.setProperty( "weblogic.security.SSL.ignoreHostnameVerification",
true" );


1) What changed from 6.0 to 6.1?
2) Why does this work from a stand-alone client? (are there any special properties
that are set up during weblogic startup?)
3) Is there anything else I can try?
4) What is the HostnameVerifier for? (It seems like it isn't being used in this
case)

thanks,
-steven

Roman Elizarov

unread,
Feb 28, 2002, 4:27:52 AM2/28/02
to
Hi!

We've been having the similar problem with BEA Weblogic 5.1 Service Pack 11. The exception "Certificate SubjectDN CommonName received does not match server" is reported by Weblogic RMI layer even if we have properly named certificate for our cluster. The problem appears in some failover scenarious where RMI layer begin reconnecting to live server via god-knowns-what names, which, of course, do not match the name in our certificate.

Don't beleave BEA's FAQ on that issue ;) They write just crap there. First of all, they spell the name of the propertly incorrectly, which _is_ case-sensitive. The corrent spelling is: "weblogic.security.SSL.ignoreHostnameVerification". Second, it makes no difference on the server side - hostname verification happens on the client side. You must have -Dweblogic.security.SSL.ignoreHostnameVerification=true in your client JVM system properties _before_ you try to establish any connection to weblogic server. This is the only solution I know and it helped us.

0 new messages