javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>

Atlassian JIRA | Martin Burger | 4 years ago
  1. 0

    I wanted to create an application link between Stash and JIRA. Both run behind an individual Apache SSL proxy (stash.company.com and jira.company.com). The Apache server uses GnuTLS / SNI (Server Name Indication) to provide the required reverse proxy instances using one single IP address. Both with Java 6 and 7, Stash is not able to establish a secure connection (Stash reports it could not connect to the server). However, using a reasonably modern browser, I am perfectly able to access both applications via https (https://stash.company.com/ and https://jira.company.com/).

    With Java 6, this fails with the following Apache error log message: "Invalid method in request \x80e\x01\x03\x01". This is because Java 6 does not implement SNI. Therefore, I upgraded to Java 7 which implements SNI. Unfortunately, then I get the following Apache error message: "Invalid method in request \x16\x03\x01". Thus, Stash still does not make a proper request. Unfortunately, it seems that Jakarta Commons-HttpClient currently does not support SNI, see https://issues.apache.org/jira/browse/HTTPCLIENT-1119 for details.

    Attempting to connect to SNI enabled host 'expectedhost' over SSL using http client could also result in an SSLException similar to:

        javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
            at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)

    Workaround for creating applinks between JIRA and Stash:

    Please refer to this comment (https://jira.atlassian.com/browse/JRA-40968?focusedCommentId=690919&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-690919) by Christopher S. Hebert. The key point is to use localhost as Application URLs, while keeping HTTPS as Display and Base URLs, in both JIRA and Stash.

    Atlassian JIRA | 4 years ago | Martin Burger
    javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
  3. 0

    getting SSLException while making RESTful call

    Stack Overflow | 2 years ago | Nani
    javax.net.ssl.SSLException: hostname in certificate didn't match: <17.91.15.84> != <My-PC>
  5. 0

    GitHub comment 73#251150783

    GitHub | 2 months ago | gsomoza
    javax.net.ssl.SSLException: hostname in certificate didn't match: <strategery.harvestapp.com> != <*.harvest.systems> OR <*.harvest.systems> OR <harvest.systems>
  6. 0

    How to make Apache Camel Restlet producer to ignore SSL hostname verification

    Stack Overflow | 2 years ago | Aldo
    javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.1.1> != <localhost>

Root Cause Analysis

  1. javax.net.ssl.SSLException

    hostname in certificate didn't match: <expectedhost> != <defaulthost>

    at org.apache.http.conn.ssl.AbstractVerifier.verify()
  2. Apache HttpClient
    AbstractVerifier.verify
    1. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)