cert.CertificateException: No name matching localhost found

coderanch.com | 2 months ago
  1. 0

    web service security issue (Web Services forum at Coderanch)

    coderanch.com | 5 months ago
    cert.CertificateException: No name matching localhost found
  2. 0

    web service security issue (Web Services forum at Coderanch)

    coderanch.com | 2 months ago
    cert.CertificateException: No name matching localhost found
  3. 0

    [JENKINS-12629] Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate - Jenkins JIRA

    jenkins-ci.org | 7 months ago
    java.io.IOException: Failed to connect to https://foo.bar.host:8080/
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    We have Jenkins setup to use only HTTPS port with arguments "--httpPort=-1 --httpsPort=8080" that starts server with self signed certificate. Using web browser is all ok but when connecting with jenkins-cli.jar it fails due to hostname not being the same as server actual hostname. Steps to reproduce (using bash): {noformat} JENKINS_HOST=foo.bar.host JENKINS_PORT=8080 JENKINS_URL=https://${JENKINS_HOST}:${JENKINS_PORT} # Get HTTPS certificate for java openssl s_client -connect ${JENKINS_HOST}:${JENKINS_PORT} </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${JENKINS_HOST}.cer keytool -import -noprompt -trustcacerts -alias ${JENKINS_HOST} -file ${JENKINS_HOST}.cer -keystore myKeystore -storepass 123456 keytool -list -v -keystore myKeystore -storepass 123456 # Get jenkins-cli wget --no-check-certificate ${JENKINS_URL}/jnlpJars/jenkins-cli.jar # Test access alias jcli="java -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=123456 -jar jenkins-cli.jar -s ${JENKINS_URL,,}" jcli help {noformat} Error displayed: {noformat} Exception in thread "main" java.io.IOException: Failed to connect to https://foo.bar.host:8080/ at hudson.cli.CLI.getCliTcpPort(CLI.java:211) at hudson.cli.CLI.<init>(CLI.java:115) at hudson.cli.CLI._main(CLI.java:375) at hudson.cli.CLI.main(CLI.java:314) Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name mat ching localhost found at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at hudson.cli.CLI.getCliTcpPort(CLI.java:209) ... 3 more Caused by: java.security.cert.CertificateException: No name matching localhost found at sun.security.util.HostnameChecker.matchDNS(Unknown Source) at sun.security.util.HostnameChecker.match(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 15 more {noformat} I think the root cause is related to how the self-certificate is being generated that should be using the machine actual hostname in the CN part instead of "Test site": {noformat} Owner: CN=Test site, OU=Unknown, O=Unknown, C=Unknown Issuer: CN=Test site, OU=Unknown, O=Unknown, C=Unknown {noformat}

    Jenkins JIRA | 5 years ago | Jose Sa
    java.io.IOException: Failed to connect to https://foo.bar.host:8080/
  6. 0

    We have Jenkins setup to use only HTTPS port with arguments "--httpPort=-1 --httpsPort=8080" that starts server with self signed certificate. Using web browser is all ok but when connecting with jenkins-cli.jar it fails due to hostname not being the same as server actual hostname. Steps to reproduce (using bash): {noformat} JENKINS_HOST=foo.bar.host JENKINS_PORT=8080 JENKINS_URL=https://${JENKINS_HOST}:${JENKINS_PORT} # Get HTTPS certificate for java openssl s_client -connect ${JENKINS_HOST}:${JENKINS_PORT} </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${JENKINS_HOST}.cer keytool -import -noprompt -trustcacerts -alias ${JENKINS_HOST} -file ${JENKINS_HOST}.cer -keystore myKeystore -storepass 123456 keytool -list -v -keystore myKeystore -storepass 123456 # Get jenkins-cli wget --no-check-certificate ${JENKINS_URL}/jnlpJars/jenkins-cli.jar # Test access alias jcli="java -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=123456 -jar jenkins-cli.jar -s ${JENKINS_URL,,}" jcli help {noformat} Error displayed: {noformat} Exception in thread "main" java.io.IOException: Failed to connect to https://foo.bar.host:8080/ at hudson.cli.CLI.getCliTcpPort(CLI.java:211) at hudson.cli.CLI.<init>(CLI.java:115) at hudson.cli.CLI._main(CLI.java:375) at hudson.cli.CLI.main(CLI.java:314) Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name mat ching localhost found at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at hudson.cli.CLI.getCliTcpPort(CLI.java:209) ... 3 more Caused by: java.security.cert.CertificateException: No name matching localhost found at sun.security.util.HostnameChecker.matchDNS(Unknown Source) at sun.security.util.HostnameChecker.match(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 15 more {noformat} I think the root cause is related to how the self-certificate is being generated that should be using the machine actual hostname in the CN part instead of "Test site": {noformat} Owner: CN=Test site, OU=Unknown, O=Unknown, C=Unknown Issuer: CN=Test site, OU=Unknown, O=Unknown, C=Unknown {noformat}

    Jenkins JIRA | 5 years ago | Jose Sa
    java.io.IOException: Failed to connect to https://foo.bar.host:8080/

  1. rp 1 times, last 8 months ago
  2. poroszd 1 times, last 9 months ago
14 unregistered visitors
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.security.cert.CertificateException

    No name matching localhost found

    at sun.security.util.HostnameChecker.matchDNS()
  2. Java RT
    HostnameChecker.match
    1. sun.security.util.HostnameChecker.matchDNS(Unknown Source)
    2. sun.security.util.HostnameChecker.match(Unknown Source)
    2 frames
  3. Java JSSE
    SSLSocketImpl.startHandshake
    1. com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
    2. com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    3. com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    4. com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    5. com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    6. com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    7. com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    8. com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    9. com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    10. com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    10 frames
  4. Java RT
    SEIStub.invoke
    1. sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    2. sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    3. sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    4. sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    5. com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
    6. com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
    7. com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
    8. com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
    9. com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
    10. com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
    11. com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
    12. com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
    13. com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
    14. com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
    15. com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
    16. com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
    17. com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
    17 frames
  5. Unknown
    SecurityClient.main
    1. $Proxy29.secretInfo(Unknown Source)
    2. SecurityClient.main(SecurityClient.java:19)
    2 frames