javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]

Atlassian JIRA | Mirek Hankus | 1 year ago
tip
Do you find the tips below useful? Click on the to mark them and say thanks to rafael . Or join the community to write better ones.
  1. 0

    Support for SNI in jira was implemented in JRA-24515, but after upgrade to JIRA 7.0.2 my logs are full of stacktraces like below. No user impact so far, but a lot of junk in log files makes it hard to track other problems with 7.0.2 {code} javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114) at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81) ... 2 filtered at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy1663.getGadgetSpec(Unknown Source) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createSpecificationBasedGadget(GadgetFactoryImpl.java:142) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.access$000(GadgetFactoryImpl.java:41) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:79) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:75) at com.atlassian.gadgets.GadgetState.accept(GadgetState.java:145) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createDashboardItem(GadgetFactoryImpl.java:74) at com.atlassian.gadgets.dashboard.internal.impl.StateConverterImpl.convertStateToGadget(StateConverterImpl.java:32) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:232) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:228) at com.google.common.collect.Iterators$8.transform(Iterators.java:799) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:650) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) {code} h3. Notes The SSLPoke tool (used as described [here|https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html]) may not indicate a problem with SSL certificates, when alternative address are being used with SNI. Using this tool - https://bitbucket.org/atlassianlabs/httpclienttest/overview together with the SSL poke tool is a good way to determine if you're affected by this bug.

    Atlassian JIRA | 1 year ago | Mirek Hankus
    javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]
  2. 0

    Support for SNI in jira was implemented in JRA-24515, but after upgrade to JIRA 7.0.2 my logs are full of stacktraces like below. No user impact so far, but a lot of junk in log files makes it hard to track other problems with 7.0.2 {code} javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114) at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81) ... 2 filtered at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy1663.getGadgetSpec(Unknown Source) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createSpecificationBasedGadget(GadgetFactoryImpl.java:142) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.access$000(GadgetFactoryImpl.java:41) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:79) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:75) at com.atlassian.gadgets.GadgetState.accept(GadgetState.java:145) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createDashboardItem(GadgetFactoryImpl.java:74) at com.atlassian.gadgets.dashboard.internal.impl.StateConverterImpl.convertStateToGadget(StateConverterImpl.java:32) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:232) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:228) at com.google.common.collect.Iterators$8.transform(Iterators.java:799) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:650) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) {code} h3. Notes The SSLPoke tool (used as described [here|https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html]) may not indicate a problem with SSL certificates, when alternative address are being used with SNI. Using this tool - https://bitbucket.org/atlassianlabs/httpclienttest/overview together with the SSL poke tool is a good way to determine if you're affected by this bug.

    Atlassian JIRA | 1 year ago | Mirek Hankus
    javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]
  3. 0
    samebug tip
    WireMock, until 1.5.2, only worked with keystores with the password: "password", this was fixed in 1.5.3. Another issue that causes this exception was fixed in 1.5.3 as well.
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    HTTPS support with keystore

    GitHub | 3 years ago | ljhljh235
    javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != <tom akehurst>
  6. 0

    GitHub comment 151#68683262

    GitHub | 2 years ago | rudiw
    javax.net.ssl.SSLException: hostname in certificate didn't match: <pic.tuneeca.com> != <ssl2000.cloudflare.com> OR <ssl2000.cloudflare.com> OR <cloudflare.com> OR <*.cloudflare.com>

    4 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.net.ssl.SSLException

      Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]

      at org.apache.http.conn.ssl.AbstractVerifier.verify()
    2. Apache HttpClient
      CloseableHttpClient.execute
      1. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164)
      2. org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
      3. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140)
      4. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
      5. org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569)
      6. org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544)
      7. org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
      8. org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
      9. org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
      10. org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
      11. org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
      12. org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
      13. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
      14. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
      15. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
      15 frames
    3. com.atlassian.gadgets
      HttpClientFetcher.fetch
      1. com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95)
      1 frame
    4. org.apache.shindig
      DefaultGadgetSpecFactory.getGadgetSpec
      1. org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125)
      2. org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90)
      2 frames
    5. com.atlassian.gadgets
      GadgetSpecFactoryImpl.getGadgetSpec
      1. com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71)
      2. com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53)
      3. com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141)
      4. com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81)
      4 frames