Four Stars rod
Four Stars

tSetKeystore + tRest - HTTPS hostname wrong: should be <servername>

 

We are doing a rest call to a server with SSL in a job we originally built in 5.4 but it's now in 6.4.  The SSL certificate only has one name in it (an FQDN accessible externally), and we need to access the server via another name.  We can't change the certificate and need to accept this certificate. 

We use tSetKeyStore to load the keys that we are using - and then a tRest component to make the request.

 

Screen Shot 2018-04-19 at 1.37.35 PM.png

 

Note: "Check server identity" is not checked.

Screen Shot 2018-04-19 at 5.28.04 PM.png

Screen Shot 2018-04-19 at 5.31.17 PM.png

   

Exception in component tREST_1 (test)
com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS hostname wrong: should be <servername>
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
at com.sun.jersey.api.client.Client.handle(Client.java:616)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559)
...

 

If I check the "Check server identity" it seems to work successfully.   Any clue here why "check server identity" = true would fail when the servername is different?

2 REPLIES
Moderator

Re: tSetKeystore + tRest - HTTPS hostname wrong: should be <servername>

Hello,

It looks like an issue with the DefaultHostnameVerifier.

In tSetKeystore component, the "Check server identity" option is used to make the Job verify the match between the hostname of the URL and the hostname of the server. If they mismatch, the verification mechanism asks whether this connection should be allowed.

 

Best regards

Sabrina

 

 
Four Stars rod
Four Stars

Re: tSetKeystore + tRest - HTTPS hostname wrong: should be <servername>

 

Looking at this again it doesn't seem to be the DefaultHostnameVerifier - it seems between 5.6 & 6.4/6.5 the behaviour reversed.  It used to add this code when the checkbox was not selected, now it adds it when it is selected (which is by default).

 

I'm going to change mine to use "Check server identity" when I don't want it to, but do you think this might change back in the future?

 

System.setProperty("java.protocol.handler.pkgs",
        "com.sun.net.ssl.internal.www.protocol");
javax.net.ssl.HttpsURLConnection
        .setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
            // Returns true for every host name, so hostname verification
            // is switched off for all HTTPS connections in the JVM.
            public boolean verify(String hostName,
                    javax.net.ssl.SSLSession session) {
                return true;
            }
        });
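
A narrower alternative to the accept-everything verifier quoted in the post above, added here as an example (it is not part of the thread and not Talend's generated code): it tolerates a single alias and only when the server's leaf certificate carries the expected FQDN. The class name and both constructor arguments are hypothetical placeholders; certificate chain trust is still decided by the truststore, and this class only replaces the name check.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

// Hypothetical class: tolerates ONE alias, only if the leaf certificate carries the expected FQDN.
public final class AliasHostnameVerifier implements HostnameVerifier {
    private final String alias;    // name used in the URL (placeholder)
    private final String certName; // FQDN inside the certificate (placeholder)

    public AliasHostnameVerifier(String alias, String certName) {
        this.alias = alias;
        this.certName = certName;
    }

    @Override
    public boolean verify(String hostName, SSLSession session) {
        if (!alias.equalsIgnoreCase(hostName)) return false; // not the tolerated mismatch
        try {
            Certificate[] chain = session.getPeerCertificates();
            return chain.length > 0 && chain[0] instanceof X509Certificate
                    && carriesName((X509Certificate) chain[0]);
        } catch (Exception e) {
            return false; // unverified peer or unparsable certificate: fail closed
        }
    }

    private boolean carriesName(X509Certificate cert) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) { // entry = [type, value]; type 2 is dNSName
                if (Integer.valueOf(2).equals(san.get(0)) && matches(san.get(1))) return true;
            }
        }
        // Older certificates carry the host name only in the subject CN.
        LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : subject.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType()) && matches(rdn.getValue())) return true;
        }
        return false;
    }
    private boolean matches(Object value) {
        return certName.equalsIgnoreCase(String.valueOf(value));
    }
}
```

It is installed the same way as the snippet in the post, by passing an instance with the two placeholder names filled in to `HttpsURLConnection.setDefaultHostnameVerifier(...)`; the JDK only consults it when its own hostname check has already failed.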