Centralized Server Cannot add url

30 views

Skip to first unread message

Tim McManamey

unread,

Aug 18, 2023, 1:26:28 PM8/18/23

to javamelody

I'm using version 1.95 in both jm and server. I am running the server from the command line with the following options: java -server -Xmx128m -jar javamelody-collector-server-1.95.0.war --httpPort=13900. Pages for both jm and serve come up fine. The issue is adding a url to the server. When I add a url I get "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching svr405.dom.a found" I've tried using the ip and server name with the route for the jm but neither work. Does the message mean I need security on my server?

Thanks

evernat

unread,

Feb 13, 2024, 1:37:45 PMFeb 13

to javamelody

Hello and sorry for the delay.

You may have found a solution already. But I give an answer for everyone.

It seems that the URL of the application, which you are adding in the centralized collector server, starts with "https".

And when the collector server makes a https request to the application, it fails because of a SSL issue ("javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching svr405.dom.a found").

In this case of common name / "subject alternative DNS name" issue, you perhaps need to use the right DNS name in the https URL to match the certificate of the server to monitor or better SSL certificates in the server to match the DNS name.

Or for SSL issues in general, you may need to configure the launch of the collector server on the command line or the cacert file in its JVM, to have certificate or certificates of your https server to be able to make the https requests with SSL. The configuration of SSL in the collector server is like the standard SSL configuration of SSL in any java program (the SSL configuration often needs commands using openssl and keytool). Stackoverflow and others are your friends, but ignore any example of java code to disable SSL checks, since those examples can't be included in the javamelody collector server.

And sometimes, the all in one InstallCert (java source included) is just fine and simple, instead of openssl/keytool:

https://github.com/evernat/InstallCert

https://github.com/evernat/InstallCert/releases/download/1.0/InstallCert.jar

bye,

Emeric

Reply all

Reply to author

Forward

0 new messages