javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]

Atlassian JIRA | Mirek Hankus | 1 year ago
  1. 0

    Support for SNI in jira was implemented in JRA-24515, but after upgrade to JIRA 7.0.2 my logs are full of stacktraces like below. No user impact so far, but a lot of junk in log files makes it hard to track other problems with 7.0.2 {code} javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114) at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81) ... 2 filtered at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy1663.getGadgetSpec(Unknown Source) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createSpecificationBasedGadget(GadgetFactoryImpl.java:142) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.access$000(GadgetFactoryImpl.java:41) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:79) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:75) at com.atlassian.gadgets.GadgetState.accept(GadgetState.java:145) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createDashboardItem(GadgetFactoryImpl.java:74) at com.atlassian.gadgets.dashboard.internal.impl.StateConverterImpl.convertStateToGadget(StateConverterImpl.java:32) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:232) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:228) at com.google.common.collect.Iterators$8.transform(Iterators.java:799) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:650) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) {code} h3. Notes The SSLPoke tool (used as described [here|https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html]) may not indicate a problem with SSL certificates, when alternative address are being used with SNI. Using this tool - https://bitbucket.org/atlassianlabs/httpclienttest/overview together with the SSL poke tool is a good way to determine if you're affected by this bug.

    Atlassian JIRA | 1 year ago | Mirek Hankus
    javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]
  2. 0

    Support for SNI in jira was implemented in JRA-24515, but after upgrade to JIRA 7.0.2 my logs are full of stacktraces like below. No user impact so far, but a lot of junk in log files makes it hard to track other problems with 7.0.2 {code} javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114) at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125) at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71) at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141) at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81) ... 2 filtered at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy1663.getGadgetSpec(Unknown Source) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createSpecificationBasedGadget(GadgetFactoryImpl.java:142) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.access$000(GadgetFactoryImpl.java:41) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:79) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:75) at com.atlassian.gadgets.GadgetState.accept(GadgetState.java:145) at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createDashboardItem(GadgetFactoryImpl.java:74) at com.atlassian.gadgets.dashboard.internal.impl.StateConverterImpl.convertStateToGadget(StateConverterImpl.java:32) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:232) at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:228) at com.google.common.collect.Iterators$8.transform(Iterators.java:799) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) at com.google.common.collect.Iterators$7.computeNext(Iterators.java:650) at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) {code} h3. Notes The SSLPoke tool (used as described [here|https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html]) may not indicate a problem with SSL certificates, when alternative address are being used with SNI. Using this tool - https://bitbucket.org/atlassianlabs/httpclienttest/overview together with the SSL poke tool is a good way to determine if you're affected by this bug.

    Atlassian JIRA | 1 year ago | Mirek Hankus
    javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]
  3. 0

    GitHub comment 152#142536855

    GitHub | 1 year ago | klvries
    org.springframework.ws.client.WebServiceIOException: I/O error: hostname in certificate didn't match: <localhost> != <osgp-tst.cloudapp.net>; nested exception is javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != <osgp-tst.cloudapp.net>
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Problems connecting/authenticating to secure XML-based Ruby-on-Rails website

    Stack Overflow | 1 year ago | Jurge92
    javax.net.ssl.SSLException: Certificate for <93...145> doesn't match common name of the certificate subject: dev-...no
  6. 0

    HTTPS support with keystore

    GitHub | 2 years ago | ljhljh235
    javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != <tom akehurst>

    4 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.net.ssl.SSLException

      Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]

      at org.apache.http.conn.ssl.AbstractVerifier.verify()
    2. Apache HttpClient
      CloseableHttpClient.execute
      1. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164)
      2. org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
      3. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140)
      4. org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
      5. org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569)
      6. org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544)
      7. org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
      8. org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
      9. org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
      10. org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
      11. org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
      12. org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
      13. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
      14. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
      15. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
      15 frames
    3. com.atlassian.gadgets
      HttpClientFetcher.fetch
      1. com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95)
      1 frame
    4. org.apache.shindig
      DefaultGadgetSpecFactory.getGadgetSpec
      1. org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125)
      2. org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90)
      2 frames
    5. com.atlassian.gadgets
      GadgetSpecFactoryImpl.getGadgetSpec
      1. com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71)
      2. com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53)
      3. com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141)
      4. com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81)
      4 frames