HTTPS hostname wrong

Discussion in 'Java' started by Albert, Dec 10, 2003.

  1. Albert

    Albert Guest

    I got the following error while I tested a HTTPS connection to a
    hostname 1company.mydomain.com.

    java.io.IOException: HTTPS hostname wrong: should be
    <1company.mydomain.com>

    The hostname in the HTTPS request is exactly as same as in the
    certificate. And I can open up the hostname using an IE browser
    without any problem. I know how to skip the hostname verification, but
    I don't feel comfortable to do that.

    Any thoughts? I notice the hostname starting with a digit. It is rare.
    Can that cause any problem in Java?

    Thanks
    Albert
     
    Albert, Dec 10, 2003
    #1
    1. Advertising

  2. Albert

    VK Guest

    VK, Dec 10, 2003
    #2
    1. Advertising

  3. Albert

    Albert Guest

    Yes, it has full path with protocol part. And here is the stack trace:

    java.io.IOException: HTTPS hostname wrong: should be
    <1company.mydomain.com>
    at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:574)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
    at java.net.URL.openStream(URL.java:960)

    Thanks
    Albert


    "VK" <> wrote in message news:<3fd796b0$0$17067$>...
    > are you using full path (including the protocol part)?
    > https://1company.mydomain.com
     
    Albert, Dec 11, 2003
    #3
  4. (Albert) writes:

    > java.io.IOException: HTTPS hostname wrong: should be
    > <1company.mydomain.com>


    Examine the SSL server certificate to see what it says there.
     
    Tor Iver Wilhelmsen, Dec 11, 2003
    #4
  5. Albert

    JK Guest

    Also check for uppercase letters. Even though your browser doesn't care,
    the names are case sensitive and must match in the URL and the
    certificate's subjectDN. I have had a similar problem with an e-mail
    certificate.

    Regards
    JK



    Tor Iver Wilhelmsen wrote:
    > (Albert) writes:
    >
    >
    >>java.io.IOException: HTTPS hostname wrong: should be
    >><1company.mydomain.com>

    >
    >
    > Examine the SSL server certificate to see what it says there.
     
    JK, Dec 12, 2003
    #5
  6. Albert

    Albert Guest

    Do you mean subject CN? I use the "keytool -printcert" command to show
    the detail of the cert. The hostname is displayed as the value of CN.
    There is no uppercase letter in the hostname.

    The hostname starts with a digit. It is rare. Could that cause problem
    for JDK1.4.1_02?

    And where can I download the source code for
    sun.net.www.protocol.https.HttpsClint? I don't find it in
    java.sun.com. I want to use a visual debugger to debug the error.

    Thanks
    Albert

    JK <> wrote in message news:<brc0td$unm$-harburg.de>...
    > Also check for uppercase letters. Even though your browser doesn't care,
    > the names are case sensitive and must match in the URL and the
    > certificate's subjectDN. I have had a similar problem with an e-mail
    > certificate.
    >
    > Regards
    > JK
    >
    >
    >
    > Tor Iver Wilhelmsen wrote:
    > > (Albert) writes:
    > >
    > >
    > >>java.io.IOException: HTTPS hostname wrong: should be
    > >><1company.mydomain.com>

    > >
    > >
    > > Examine the SSL server certificate to see what it says there.
     
    Albert, Dec 15, 2003
    #6
  7. Albert

    JK Guest

    Yes, the CN must match, e.g.

    CN=www.mysite.org

    when you want to connect via

    https://www.mysite.org

    The source code of Sun's SSL classes is not open, I think due to the US
    export regulations.

    Regards
    JK.

    Albert wrote:
    > Do you mean subject CN? I use the "keytool -printcert" command to show
    > the detail of the cert. The hostname is displayed as the value of CN.
    > There is no uppercase letter in the hostname.
    >
    > The hostname starts with a digit. It is rare. Could that cause problem
    > for JDK1.4.1_02?
    >
    > And where can I download the source code for
    > sun.net.www.protocol.https.HttpsClint? I don't find it in
    > java.sun.com. I want to use a visual debugger to debug the error.
    >
    > Thanks
    > Albert
    >


    <snipped>
     
    JK, Dec 16, 2003
    #7
  8. Albert

    Albert Guest

    Yes, the hostname in the CN does match the hostname in the request. I
    am stuck in this issue. Anyone knows how to esclate the issue to SUN?

    Thanks
    Albert

    JK <> wrote in message news:<brmjmh$3c0$-harburg.de>...
    > Yes, the CN must match, e.g.
    >
    > CN=www.mysite.org
    >
    > when you want to connect via
    >
    > https://www.mysite.org
    >
    > The source code of Sun's SSL classes is not open, I think due to the US
    > export regulations.
    >
    > Regards
    > JK.
    >
     
    Albert, Dec 16, 2003
    #8
  9. (Albert) wrote in message news:<>...
    > I got the following error while I tested a HTTPS connection to a
    > hostname 1company.mydomain.com.
    >
    > java.io.IOException: HTTPS hostname wrong: should be
    > <1company.mydomain.com>
    >
    > The hostname in the HTTPS request is exactly as same as in the
    > certificate. And I can open up the hostname using an IE browser
    > without any problem. I know how to skip the hostname verification, but
    > I don't feel comfortable to do that.
    >
    > Any thoughts? I notice the hostname starting with a digit. It is rare.
    > Can that cause any problem in Java?
    >
    > Thanks
    > Albert


    There is a known error with this IOException: the host names are
    mixed so that the exception always(?) prints the CN of the cert you're
    trying to use, not the one you're connecting to, so you will seldom
    be able to get a good error message.

    The error is probably elsewhere. How did you create this server
    certificate? Does it have unusual/bad OIDs?

    -Hans
     
    Hans Granqvist, Dec 17, 2003
    #9
  10. Albert

    Albert Guest

    I don't think that is the case for my problem. The server certificate
    is created by our Partner. I am sure the hostname in the CN is the
    same one as in the HTTPS request.

    -Albert

    >
    > There is a known error with this IOException: the host names are
    > mixed so that the exception always(?) prints the CN of the cert you're
    > trying to use, not the one you're connecting to, so you will seldom
    > be able to get a good error message.
    >
    > The error is probably elsewhere. How did you create this server
    > certificate? Does it have unusual/bad OIDs?
    >
    > -Hans
     
    Albert, Dec 24, 2003
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. luican
    Replies:
    1
    Views:
    5,999
    Purl Gurl
    Jun 9, 2004
  2. AWieminer
    Replies:
    0
    Views:
    768
    AWieminer
    Jul 12, 2005
  3. Axel
    Replies:
    8
    Views:
    1,224
    Adrienne Boswell
    Apr 27, 2009
  4. jotto
    Replies:
    4
    Views:
    430
    jotto
    Oct 2, 2006
  5. Naveen Dhanuka
    Replies:
    1
    Views:
    308
Loading...

Share This Page