tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: ssl and host name not match
Date Mon, 18 Jul 2011 12:28:45 GMT
AngeloChen wrote:
> Hi,
> I got a virtual host:
> <Host name=""    appBase="sampleapps"
>                         unpackWARs="true" autoDeploy="true"
>                         xmlValidation="false" xmlNamespaceAware="false" >
>          <Alias></Alias>
> ...
> for some reason, the jks in the tomcat is for, when calling this
> server with httpclient, it always get:
> hostname in certificate didn't match:
> <> != <>
> even there is an alias
> any fix on this? Thanks,
There is no "fix" for this, because it is not a problem.  The client and the server are 
working the way they should :
- the client connects to a server, thinking it is ""
- the server returns a certificate for the host ""
- the client sees that the certificate is not for the host that it requested, so it gives

an error.
The <Alias> in your configuration is just a way for Tomcat to handle the request with
corresponding virtual host.  But it does not change the content of the certificate.

There are different ways to avoid the error :
a) have the client connect to "" instead.  Because of the Alias, the Tomcat 
virtual host will be the same, and it will return a certficate for "", so the 
client will be happy too.
b) use a wildcard certificate for "*"
c) change the certificate to be for ""

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message