HTTPS hostname wrong


A

Albert

I got the following error while I tested a HTTPS connection to a
hostname 1company.mydomain.com.

java.io.IOException: HTTPS hostname wrong: should be
<1company.mydomain.com>

The hostname in the HTTPS request is exactly as same as in the
certificate. And I can open up the hostname using an IE browser
without any problem. I know how to skip the hostname verification, but
I don't feel comfortable to do that.

Any thoughts? I notice the hostname starting with a digit. It is rare.
Can that cause any problem in Java?

Thanks
Albert
 
Ad

Advertisements

A

Albert

Yes, it has full path with protocol part. And here is the stack trace:

java.io.IOException: HTTPS hostname wrong: should be
<1company.mydomain.com>
at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:574)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
at java.net.URL.openStream(URL.java:960)

Thanks
Albert
 
J

JK

Also check for uppercase letters. Even though your browser doesn't care,
the names are case sensitive and must match in the URL and the
certificate's subjectDN. I have had a similar problem with an e-mail
certificate.

Regards
JK
 
A

Albert

Do you mean subject CN? I use the "keytool -printcert" command to show
the detail of the cert. The hostname is displayed as the value of CN.
There is no uppercase letter in the hostname.

The hostname starts with a digit. It is rare. Could that cause problem
for JDK1.4.1_02?

And where can I download the source code for
sun.net.www.protocol.https.HttpsClint? I don't find it in
java.sun.com. I want to use a visual debugger to debug the error.

Thanks
Albert
 
Ad

Advertisements

J

JK

Yes, the CN must match, e.g.

CN=www.mysite.org

when you want to connect via

https://www.mysite.org

The source code of Sun's SSL classes is not open, I think due to the US
export regulations.

Regards
JK.
Do you mean subject CN? I use the "keytool -printcert" command to show
the detail of the cert. The hostname is displayed as the value of CN.
There is no uppercase letter in the hostname.

The hostname starts with a digit. It is rare. Could that cause problem
for JDK1.4.1_02?

And where can I download the source code for
sun.net.www.protocol.https.HttpsClint? I don't find it in
java.sun.com. I want to use a visual debugger to debug the error.

Thanks
Albert

<snipped>
 
A

Albert

Yes, the hostname in the CN does match the hostname in the request. I
am stuck in this issue. Anyone knows how to esclate the issue to SUN?

Thanks
Albert
 
H

Hans Granqvist

I got the following error while I tested a HTTPS connection to a
hostname 1company.mydomain.com.

java.io.IOException: HTTPS hostname wrong: should be
<1company.mydomain.com>

The hostname in the HTTPS request is exactly as same as in the
certificate. And I can open up the hostname using an IE browser
without any problem. I know how to skip the hostname verification, but
I don't feel comfortable to do that.

Any thoughts? I notice the hostname starting with a digit. It is rare.
Can that cause any problem in Java?

Thanks
Albert

There is a known error with this IOException: the host names are
mixed so that the exception always(?) prints the CN of the cert you're
trying to use, not the one you're connecting to, so you will seldom
be able to get a good error message.

The error is probably elsewhere. How did you create this server
certificate? Does it have unusual/bad OIDs?

-Hans
 
Ad

Advertisements

A

Albert

I don't think that is the case for my problem. The server certificate
is created by our Partner. I am sure the hostname in the CN is the
same one as in the HTTPS request.

-Albert
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top