I have Apache mapped to 2 external DNS names: sub1.dn.com and sub2.dn.com, which both map to the same IP.
Each has its own SSL cert. Each cert shows the CN and SAN as-is and matching (i.e. sub1.dn.com has sub1, and the same for sub2).
But when Java code tries to connect to, say, sub2.dn.com, it fails with: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching sub2.dn.com found.
Enabling Java SSL debug output shows something odd: it seems Java downloads and uses the other (sub1) cert!!
[3]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: **sub1.dn.com** ]
So it seems browsers are happy and get the right cert. Java sees the sub1.dn.com cert and never the other, which doesn't match when sub2 is called.
Any ideas why Java does this? And perhaps how to fix it! Thanks
If you have 2 HTTPS domains on the same IP, the client requires support for SNI (Server Name Indication) for selecting the correct certificate. Note SNI can only work with TLS; SSL is not supported.
Java 7 has SNI support, therefore you should check if you are using a current Java version.
On the server side make sure TLS is supported and the preferred protocol.
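As an added diagnostic (not code from the question or the answer): a Python client that fetches the certificate the sub2.dn.com server hands out with and without SNI and applies the same SAN match Java performs, so the answer's explanation can be confirmed against the real server. It assumes the host is reachable on port 443 and that its cert chains to a trusted CA (or to one passed as cafile).

```python
import socket
import ssl

# Constructed values for illustration; the hostnames are the ones in the question.
HOST = "sub2.dn.com"
PORT = 443

def fetch_san_names(host, port=443, use_sni=True, cafile=None, timeout=5.0):
    """Connect over TLS and return the dNSName entries of the served leaf cert.
    use_sni=True sends the hostname in the ClientHello (what a Java 7+ client
    does); use_sni=False omits it, so a name-based vhost hands out its default
    certificate. Hostname checking is off so a mismatching cert can still be
    inspected; chain validation stays on (getpeercert() is empty otherwise),
    so the cert must chain to the default trust store or to `cafile`."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SNI is a TLS extension, SSLv3 has none
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host if use_sni else None) as tls:
            cert = tls.getpeercert()
    return sorted(v for k, v in cert.get("subjectAltName", ()) if k == "DNS")

def san_matches(dns_names, hostname):
    """The check behind the Java exception: exact dNSName match, or a single
    left-most wildcard label covering exactly one label (RFC 6125 style)."""
    hostname = hostname.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == hostname:
            return True
        if name.startswith("*.") and "." in hostname:
            if hostname.split(".", 1)[1] == name[2:]:
                return True
    return False

def explain(host, san_with_sni, san_without_sni):
    """Classify the server's behaviour from the two SAN lists."""
    if san_matches(san_with_sni, host) and not san_matches(san_without_sni, host):
        return "needs SNI: a client that omits it gets the default vhost cert"
    if san_matches(san_with_sni, host):
        return "ok: the right cert is served with and without SNI"
    return "never served: no cert for this name, check the Apache vhost and cert"

if __name__ == "__main__":
    with_sni = fetch_san_names(HOST, PORT, use_sni=True)
    without_sni = fetch_san_names(HOST, PORT, use_sni=False)
    print("with SNI:   ", with_sni)
    print("without SNI:", without_sni)
    print(explain(HOST, with_sni, without_sni))
```

A "needs SNI" verdict reproduces the question's symptom: the cert served without SNI is the sub1 one, which is why an SNI-less client fails the hostname check.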