I have two servers that need to speak with each other using HTTPS.
Let's call them 'server' and 'client' in this case where 'client is making an https call to 'server'.
In production the server will have a valid CA certificate but while testing we will use a self-signed certificate.
As I understand it this is what we have to do:
this is all done, but when making the call I get this error:
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'docker-abc-123' does not match the certificate subject provided by the peer (CN=docker-abc-123, OU=unit, O=org, L=city, ST=area, C=xx)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) [httpclient-4.5.jar:4.5]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) [httpclient-4.5.jar:4.5]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [httpclient-4.5.jar:4.5]
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:91) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:568) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 10 more
Even though the host name exactly matches the "Common Name" in the certificate. What can possibly cause this? Any ideas are welcome!
If there is a Subject Alternative Names extension in the certificate, the common name is ignored, and the SAN must include a matching identifier for your host.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With