Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Nagaraj Ponnurangam (NagarajP0101)
ING Belgium SA NV

ING Belgium SA NV
BE
NagarajP0101 Member since 2017 54 posts
ING Belgium SA NV
Posted: Apr 11, 2018
Last activity: Jun 3, 2020
Posted: 11 Apr 2018 6:21 EDT
Last activity: 3 Jun 2020 10:04 EDT
Closed

exception: javax.net.ssl.SSLException: hostname in certificate didn't match: !=

Hi Team,

getting below exception while trying to invoke the Rest service

exception: javax.net.ssl.SSLException: hostname in certificate didn't match: !=

Issue background : Rest service is been accessed earlier without any truststore\keystore. Now there was change from infra side(security reasons) because of which we will have to configured new truststore and keystore.

We tried creating jks file for the same and tried configuring truststore and then keystore(trial & error) .And getting the mentioned exception.

Kindly advise what should be configured in trust store and keystore? what is the things we are missing here?

Please note that we did DSS settings https/allowAllHostnames as false.

To see attachments, please log in.
Low-Code App Development

Posted: 6 years ago
Posted: 12 Apr 2018 5:52 EDT
Sudhakar Reddy Yaparla (YSudhakarReddy)
JPMorgan Chase & Company

JPMorgan Chase & Company
US

Hi,

Perform the following local-change:  


Create DSS  to tell PRPC do not check for hostnames in certificate as below:

Owing Ruleset : Pega-IntegrationEngine

Setting Purpose: https/allowAllHostnames

Value: true

To see attachments, please log in.
Posted: 6 years ago
Updated: 4 years ago
Posted: 12 Apr 2018 7:47 EDT
Updated: 3 Jun 2020 10:04 EDT
Nagaraj Ponnurangam (NagarajP0101)
ING Belgium SA NV

ING Belgium SA NV
BE

Hi Sudhakar,

we were facing "Peer not authenticated issue" for one of the servers and we fixed it by setting the "https\AllowHostnames" as false as per suggestion by pega

https://collaborate.pega.com/question/javaxnetsslsslpeerunverifiedexception-peer-not-authenticated-0

we set this DSS value as false and the issue got fixed.

Now one more rest server is throwing exception: javax.net.ssl.SSLException: hostname in certificate didn't match: !=

Issue background: Earlier we did not use any trust store for connecting with this application except apitrustgenerator. 

There was one network change to strengthen the cipher because of which external application is ecpecting the certificate now.

We received the certificate from external application and we tried generating keystore from cert file and its throwing this error now.do we have to update trust store in our case? if yes, how do we create trust store?

what the might be the issue ?

I have enabled jvm arguments -Djavax.net.debug=ssl:handshake:data and got server log. Please find the attachment for the same.

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice