SSL SNI Client failure on JBoss EAP with Apache HttpComponents
Issue
- Calling external services fails
-
Connection gets exception
Caused by: javax.net.ssl.SSLException: Certificate for <webapp.hostname1.xyz> doesn't match any of the subject alternative names: [*.hostname2.xyz, hostname2.xyz] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114) at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.springframework.ws.transport.http.HttpComponentsConnection.onSendAfterWrite(HttpComponentsConnection.java:119) at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:47) at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:624) at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:587) at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:539) ... 110 more
Environment
- Java Development Environment (JDK) 1.8 / 8 update 131
- Apache HttpComponents SSL Client
- Server Name Indication (SNI)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.