tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: ssl and host name not match
Date Mon, 18 Jul 2011 12:28:45 GMT
AngeloChen wrote:
> Hi,
> 
> I got a virtual host:
> 
> <Host name="www.sample.com"    appBase="sampleapps"
>                         unpackWARs="true" autoDeploy="true"
>                         xmlValidation="false" xmlNamespaceAware="false" >
>          <Alias>sample.com</Alias>
> ...
> 
> for some reason, the jks in the tomcat is for sample.com, when calling this
> server with httpclient, it always get:
> 
> javax.net.ssl.SSLException: hostname in certificate didn't match:
> <www.sample.com> != <sample.com>
> 
> even there is an alias sample.com.
> 
> any fix on this? Thanks,
> 
There is no "fix" for this, because it is not a problem.  The client and the server are
working the way they should:
- the client connects to a server, thinking it is "www.sample.com"
- the server returns a certificate for the host "sample.com"
- the client sees that the certificate is not for the host that it requested, so it gives
an error.

The <Alias> in your configuration is just a way for Tomcat to handle the request with the
corresponding virtual host.  But it does not change the content of the certificate.

There are different ways to avoid the error:
a) have the client connect to "sample.com" instead.  Because of the Alias, the Tomcat
virtual host will be the same, and it will return a certificate for "sample.com", so the
client will be happy too.
b) use a wildcard certificate for "*.sample.com"
c) change the certificate to be for "www.sample.com"
...

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
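
The host name check described in the reply above, as an added example that is not part of the original message and is not code from Tomcat or HttpClient: a simplified Python matcher in the style of RFC 2818 / RFC 6125, run against constructed certificate name lists for the situation in the thread and for options a) to c). It goes slightly beyond the message by also showing that a wildcard name does not cover the bare domain and that a certificate may list both names; all function names are hypothetical.

```python
# Added example: simplified host name check in the style of RFC 2818 / RFC 6125.
# Not the code of Tomcat or HttpClient; every certificate name list is constructed.

def name_matches(cert_name: str, host: str) -> bool:
    """Compare one name from a certificate with the host the client requested."""
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    # A "*" stands for exactly one label, so the label counts must be equal
    # and everything to the right of the first label must be identical.
    if len(pattern) != len(labels) or pattern[1:] != labels[1:]:
        return False
    if pattern[0] == "*":
        # Simplification: accept "*" only as the whole left-most label and only
        # above a domain of at least two labels (so "*.com" is refused).
        return len(pattern) >= 3
    return pattern[0] == labels[0]


def cert_valid_for(cert_names: list[str], host: str) -> bool:
    """True if any name in the certificate covers the requested host."""
    return any(name_matches(name, host) for name in cert_names)


def describe(cert_names: list[str], host: str) -> str:
    """One-line verdict, worded like the error quoted in the thread."""
    if cert_valid_for(cert_names, host):
        return f"{host}: ok"
    names = ", ".join(cert_names)
    return f"{host}: hostname in certificate didn't match: <{host}> != <{names}>"


# Constructed cases: (label, names in the certificate, host the client connects to)
CASES = [
    ("thread", ["sample.com"], "www.sample.com"),      # the reported error
    ("a", ["sample.com"], "sample.com"),               # client uses the bare name
    ("b", ["*.sample.com"], "www.sample.com"),         # wildcard certificate
    ("b-bare", ["*.sample.com"], "sample.com"),        # wildcard does not cover the bare name
    ("c", ["www.sample.com"], "www.sample.com"),       # certificate reissued for www
    ("c-bare", ["www.sample.com"], "sample.com"),      # now the bare name fails instead
    ("both", ["sample.com", "www.sample.com"], "www.sample.com"),
]

if __name__ == "__main__":
    for label, names, host in CASES:
        print(f"{label:7} {describe(names, host)}")
```

None of the cases depends on the Tomcat `<Alias>`: the verdict is decided only by the names in the certificate and the host name the client used.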

