Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HTTPS hostname wrong: should be <sub.domain.com>. What causes this?

Tags:

I am getting this 'HTTPS hostname wrong:' error when trying to connect to a server using https. My url looks something like this

https://sub.domain.com/tamnode/webapps/app/servlet. 

I connect using the following code

    // Create a URLConnection object for a URL     URL url = new URL(requestedURL);     HttpURLConnection.setFollowRedirects(false);      // connect     connection = (HttpURLConnection) url.openConnection();     connection.setDoOutput(true);     connection.setRequestProperty("User-Agent", USER_AGENT); //$NON-NLS-1$      OutputStreamWriter wr = new OutputStreamWriter(connection             .getOutputStream()); 

but then get an error

IOException: HTTPS hostname wrong:  should be <sub.domain.com>.      at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing     .... 

This is code which has worked in the past but no longer. There have been some changes to the system architecture but I need to get more data before approaching those responsible.

What can cause this error? Can I turn off the URLSpoofing check?

like image 762
paul Avatar asked Nov 26 '09 07:11

paul


2 Answers

It looks like the SSL certificate for domain.com has been given to sub.domain.com. Or, more likely, what was domain.com has been renamed to sub.domain.com without updating the SSL certificate.

like image 79
cletus Avatar answered Oct 10 '22 03:10

cletus


cletus is right about the probable cause.

There is a way to turn off the spoof checking, too.

You can create an object that implements HostnameVerifier that returns true under more circumstances than 'usual'.

You would replace the default HostnameVerifier by calling setHostnameVerifier on the connection object in the code in the question.

This answer was 'inspired by': http://www.java-samples.com/showtutorial.php?tutorialid=211

I found that link with this query: http://www.google.com/search?q=https+hostname+wrong+should+be

One more note: think twice before you do this. You will create an exploitable weakness in the security between your client and server components.

like image 31
vkraemer Avatar answered Oct 10 '22 01:10

vkraemer