hc-httpclient-users mailing list archives

From Chris Cheshire <cheshira...@gmail.com>
Subject error matching ssl certificate
Date Wed, 15 May 2013 15:53:41 GMT
I have a single server configured hosting 3 domains, A.com, B.com, C.com,
all with their own SSL certificates. Accessing these domains via a browser
and SSL all works just fine.

However, the web app on B needs to process a callback from C over SSL. B
has a wildcard certificate for *.B.com, and the production site is just
B.com. My testing sandbox is at X.B.com. Both work fine with the wildcard
certificate in a browser.

To send the callback I am using HttpClient 4.2.3:

        HttpClient httpClient = new DefaultHttpClient();
        httpClient.getParams().setParameter(CoreConnectionPNames.SO_TIMEOUT, 30000);

        try {
            URIBuilder builder = new URIBuilder(new URI("..."));
            URI uri = builder.build();
            HttpGet get = new HttpGet(uri);
            get.addHeader("User-Agent", "Mozilla/5.0");

            HttpResponse response = httpClient.execute(get);
            int statusCode = response.getStatusLine().getStatusCode();

            if (statusCode == HttpServletResponse.SC_OK) {
                // ...
            } else {
                // ...
            }
        } catch (IOException ex) {
            this.log.error("error", ex);
        } catch (URISyntaxException ex) {
            this.log.error("error", ex);
        } finally {
            // ...
        }

However, this throws the following exception:

javax.net.ssl.SSLException: hostname in certificate didn't match: <X.B.com> != <www.A.com> OR <www.A.com> OR <A.com>


I even tried setting the Host header manually to "X.B.com" and it still
didn't help (even though the docs say that this is set based upon the URI
provided to HttpClient).

What do I need to do to make the client negotiate the SSL connection for
the correct host so that the correct SSL certificate is matched up? Again,
the wildcard certificate works just fine in a browser for both B.com and
X.B.com, but not for HttpClient.
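
An added example, not part of the original message and not HttpClient's own verifier code: a simplified hostname matcher (the class and method names are hypothetical) run over the names listed in the exception above and over a constructed `*.B.com` entry. It shows that the check failed because the names it was given belong to A.com, while a `*.B.com` name would have matched X.B.com, and it includes the edge case that a wildcard does not cover the bare domain.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class HostnameMatchDemo {

    // Simplified RFC 2818-style match: a leading "*." stands for exactly one DNS label.
    static boolean matches(String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (!c.startsWith("*.")) {
            return h.equals(c);
        }
        String suffix = c.substring(1); // e.g. ".b.com"
        if (!h.endsWith(suffix)) {
            return false;
        }
        String label = h.substring(0, h.length() - suffix.length());
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    // Returns null when some certificate name matches, otherwise a message
    // laid out like the SSLException text quoted in the post.
    static String verify(String host, List<String> certNames) {
        StringBuilder seen = new StringBuilder();
        for (String name : certNames) {
            if (matches(host, name)) {
                return null;
            }
            if (seen.length() > 0) {
                seen.append(" OR ");
            }
            seen.append('<').append(name).append('>');
        }
        return "hostname in certificate didn't match: <" + host + "> != " + seen;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first list is copied from the exception text,
        // the second is the single name a *.B.com wildcard entry contributes.
        List<String> presented = Arrays.asList("www.A.com", "www.A.com", "A.com");
        List<String> wildcard = Arrays.asList("*.B.com");
        // Case 1: requested host against the names the client actually received.
        System.out.println(verify("X.B.com", presented));
        // Case 2: requested host against the wildcard entry.
        System.out.println(verify("X.B.com", wildcard));
        // Case 3: bare domain against the wildcard entry (needs its own name in the certificate).
        System.out.println(verify("B.com", wildcard));
    }
}
```

If the server chooses between its certificates by the server name sent in the TLS handshake (SNI), a client that sends no server name receives the server's default certificate, which produces a message of exactly this shape.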


