The name on the security certificate is invalid or does not match the name of the site exchange 2010

We did an update to SP1 to SP3 for Exchange 2010 over the weekend and now I am seeing the following errors.
"The name on the security certificate is invalid or does not match the name of the site"
Any ideas why an update would effect this. I have looked at the names and everything seems to match up.

Hi,
Does the issue happen to all users? If it is, please run the following command to check your certificate configuration:
Get-ExchangeCertificate | fl
Generally, the certificate mismatch issue is caused by the name in URLs doesn't match the certificate names with IIS service. Please make sure all URLs that used to connect Exchange from internal and external should match the certificate names with proper
services.
http://support.microsoft.com/kb/940726
Best Regards,
Winnie Liang
TechNet Community Support

Similar Messages

  • The name on the security certificate is invalid or does not match the name of the site

    Hi Guys,
    Every time when we login to SAP Business One, we are getting two identical security Alerts, that we needs to click "Yes" twice.
    Text of error: “The name on the security certificate is invalid or does not match the name of the site”
    We tried to install certificate, but it is not solved this certificate issue and the alert still pops up on login.
    I guess, something wrong with dashboard settings, but don't really know what exact and how to fix it.
    Thanks,
    Sergey

    Hi,
    Please check SAP note:
    1810486 - Dashboard Certificate Sercurity Alert appears on every
    logon to Business One
    Thanks & Regards,
    Nagarajan

  • The name on the security certificate is invalid or does not match the name of the site" : IE

    Hi All,
    All clients are getting “the name on the security certificate is invalid or does not match the name of the
    site” when its reboot and try to access website.
    I don’t have idea about certificate authority. Can anyone help on how I start troubleshooting this.
    Is there any group policy setting which resolve this issue.
    Please suggest what parameter I have to check. 

    > All clients are getting “the name on the security certificate is invalid
    > or does not match the name of the site” when its reboot and try to access website.
    "View Certificate" should tell you.
    Greetings/Grüße,
    Martin
    Mal ein
    gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me -
    coke bottle design refreshment (-:

  • Exchange 2013 w/Outlook 2013 "The name of the security certificate is invalid or does not match the name of the site"

    I've completed an upgrade from Exchange 2003 to Exchange 2013 and I have one last SSL message that I can't get rid of.  I've installed a 3rd party cert that is working great for webmail and cell phone access but for some reason the Outlook 2010/2013
    clients get prompted for a security warning.  I just implemented the SSL cert yesterday and I've noticed that new installs of Outlook seem to work just fine.  My Outlook 2013 client doesn't prompt me with the message but I have other users who are
    still getting the "The name of the security certificate is invalid or does not match the name of the site" error.  The domain on the cert error show up as server.mydomain.local.  I've gone through all the virtual directories and pointed
    all of my internal and external URL's to https://mail.mydomain.com.   This made one of the two warnings go away but not the second.  I've dug around on google and gone through everything I could find here and as far as I can tell my internal
    and external url's are configured properly and I can't figure out where this error is originating from.  Any ideas on where I should look outside of the virtual directories? 
    I'm including a good link I found that contains all of the virtual directories I updated.  I've checked them through both CLI and GUI and everything looks good.
    http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
    http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/

    Hi,
    When the Outlook connect to Exchange 2013/Exchange 2010, the client would connect to Autodiscover service to retrieve Exchange service automatically from server side. This feature is not available in Exchange 2003 Outlook profile.
    Generally, when mailbox is moved to Exchange 2013, the Outlook would connect to server to automatically update these information. It needs time to detect and update the changes in server side. I suggest we can do the following setting For autodiscover service:
    Get-ClientAccessServer | Set-ClientAccessServer –AutodiscoverServiceInternalUri https://mail.mydomain.com/autodiscover/autodiscover.xml
    Please restart IIS service by running IISReset in a Command Prompt window after all configuraions.
    Regards,
    Winnie Liang
    TechNet Community Support

  • The name of the security certificate is invalid or does not match the name of the site error?

    I am looking for some help folks. We are in a Outlook 2007/Exchange2010/Windows2008R2 environment.
    When users open Outlook off the network, and occasionally on the network, they get the error
    The name of the security certificate is invalid or does not match the name of the site error
    The CAS hostname is HRECAS.XXX.ORG. The URL that is listed on the SSL certificate (issued by VeriSign) is WEB.XXX.ORG. WEB.XXX.ORG is what users use to get to OWA and such.
    When I use testexchangeconnectivity.com, under certificate name validation I see an error that reads:
    Host name autodiscover.xxx.org doesn't match any name found on the server certificate CN=web.xxx.org.
    Does this mean somehow we have to add autodiscover.xxx.org on the certificate?
    I tried to add AutoDiscoverExternalUri using
    http://support.microsoft.com/?kbid=940726 &
    http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2d0c0f5f-e4ec-4f33-a37d-b94fd7a2319f on the CAS server.
    Set-ClientAccessServer -identity HRECAS -AutodiscoverServiceExternalUri
     https://autodiscover.xxx.org/Autodiscover/Autodiscover.xml 
    I get an error that says
    "a positional parameter cannot be found that accepts argument '-AutoDiscoverExternalUri'.
    Can someone point to me what I am doing wrong with the command and whether I should be concerning myself with adding that line? By the way the
    InternalUrl information is already configured on the system. Also should I edit the certificate to add autodiscover.xxx.org?
    Thank in advance for your support.
    TD
    TD

    Hi Tapera,
    Thanks for the question.
    SRV record is a good idea. You can set the SRV to
    https://web.abc.com/autodiscover/autodiscover.xml but you must make sure the
    url can be resolved from External clients.
    In addition, there is still a issue. It is hard coded that Outlook will find the autodiscover by the orders below:
    1. Access autodiscover via SCP in AD.
    https://web.abc.com/autodiscover/autodiscover.xml
    2. If SCP access fails, it will try:
    https://abc.com/autodiscover/autodiscover.xml
    3. Then
    https://autodiscover.abc.com/autodiscover/autodiscover.xml
    4. Local XML file
    5. SRV record
    As you can see, Outlook will try SRV record at last. Therefore, it will still try to access
    https://autodiscover.abc.com/autodiscover/autodiscover.xml each time you run Outlook. Then the certificate warning will still persists.
    I have a workaround solution. You can do a local policy to disable the autodiscover to access the
    https://autodiscover.abc.ocom/autodiscover/autodiscover.xml by:
    1.   
    On the Outlook client machine, open regedit and add the following key:
    HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
             "ExcludeHttpsAutodiscoverDomain"
             "ExcludeHttpsRootDomain"
    2.   
    Then set the value to “1” on the above two keys.
    Thanks,
    Simon  

  • Outlook Security Alert - "the name on the security certificate is invalid or does not match the name of the site"

    Due to our company changing names, we recently moved to a new domain. All users were at first getting a certificate error when opening Outlook "the name on the security certificate is invalid or does not match the name of the site." After our network
    admin made some changes, nobody receives this error anymore except one user. The URL at the top of the security alert is the old domain, mail.olddomain.com. I checked the users Exchange Proxy Settings in Outlook, everything is showing the URL's of the new
    domain so I'm not sure where this is coming from. I'm assuming it has to be something on her local machine since she is the only one who still gets the error.
    Thanks in advance for any help.
    Exchange server 2008
    Outlook 2010

    Hi,
    Please follow all above suggestions to confirm whether the issue happens in OWA. And run Test E-mail AutoConfiguration in Outlook to check whether there is any URL settings using the old domain.
    If the issue doesn’t happen in OWA and your URL configurations are all same as others and set correctly, please create a new Outlook profile to have a try.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site "Mailserver"

    Good day Guys
    First of all I am not an Exchange Expert, and I might be asking a very stupid question, but please bare with me. :) 
    While I was on leave our Mail server fell over and The company got a Specialist to help out for the time being.
    We where\are on Microsoft Exchange 2007 , which Fell over, and the specialist was able to recover as much data as he could.
    They then installed Exchange 2013 and tried to migrate everything from 2007 to 2013 and not everything migrated over.
    But the problem is, Outlook Anywhere was enable on 2007 and worked a 100% (before the disaster)
    With Exchange 2013 I get the following error message when trying to connect With Outlook 2013, using an external connection:
    "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site "Mailserver"
    Outlook is unable to connect to the Proxy server. (Error Code 0)"
    Has anyone had the Similar when migrating over from 2007 to 2013 or is this an Issue on IIS and nothing to do with Exchange migration?
    Your assistance will be greatly appreciated.

    Hi,
    Firstly, I would suggest we use Exchange 2013 FE as the Outlook Anywhere proxy server.
    For the certificate issue, it mostly occurs because the host name that Outlook are trying to access does not match the certificate SAN. Please check with this point. If they do not match, you
    can change the host name by referring to the following article:
    https://support.microsoft.com/kb/940726/en-us?wa=wsignin1.0
    Thanks,
    Simon Wu
    TechNet Community Support

  • "Name on the Security Certificate is Invalid or Does not Match..." using Outlok 2007 w/ Exchange 2007

    Good afternoon!
    We just completed our Exchange 2007 implementation (migration from Exchange 2003... a fun romp of 24 straight hours for the final push) and noticed an error that only occurs on Outlook 2007 clients connecting to the Exchange 2007 server: "Name on the Security Certificate is Invalid or Does Not Match the Name on the Certificate".
    Now, I've done my reading into this and have determined that due to how Outlook 2007 clients managed their OAB, it is essentially through a web virtual directory now, no longer through Public Folders and this is essentially the base of our issue. See, our mail server has an internal FQDN of mail.ourdomain-domain.com whereas it has an external FQDN (which is what the SSL Cert is tied to) of owa.ourdomain.com.
    So, essentially what I'm seeing is our internal Outlook 2007 clients (limited to I.S. employees only right now, thankfully) are seeing this SSL error because Outlook 2007 is trying to pick up the OAB using the internal FQDN instead of the external FQDN (which would work as well, due to some internal DNS trickery we have configured).
    My question is (finally), is there a way to circumvent this internally so we never see this SSL error prompt or a way to force Outlook 2007 to use the external FQDN? I have made sure all the settings in Exchange Management Console for OAB and the like have both the internal and external FQDN set to owa.ourdomain.com (the valid SSL name), but it does not appear to have made a difference. Granted, I have not rebooted... but I do not think that is necessary in this instance.
    Any suggestions would be appreciated. Thanks!!

    Hi All,
    1) I am using Windows SBS Server 2008 with Exchange 2007 installed on it. With all the Certicate configured internally. We haven’t purchased the Certificate from any outside authority yet.
    2) Also, user were getting Error message "The name on the security certificate is invalid or does not match the name of the site" in outlook, to resolve this issue I followed the steps mention on "http://support.microsoft.com/kb/940726" &  “http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/697f79e2-ca8f-4a2e-bae5-55d3fa7f703f/?prof=required” however I was able run only first command as I was unable to find "EWS (Default Web Site)", "oab (Default Web Site)", "unifiedmessaging (Default Web Site)".
    3) After reaserching, I run following commands to get the status, location of WebServicesVirtualDirectory, OABVirtualDirectory & UMVirtualDirectory
    [PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl
    Name                          : EWS (SBS Web Applications)
    Server                        : PASVR01
    InternalUrl               : https://sites/EWS/Exchange.asmx
    ExternalUrl              :
    [PS] C:\Windows\System32>Get-OABVirtualDirectory | fl
    Name                          : OAB (SBS Web Applications)
    Server                        : PASVR01
    InternalUrl               : https://sites/OAB
    ExternalUrl              :
    [PS] C:\Windows\System32>Get-UMVirtualDirectory | fl
    Name                          : UnifiedMessaging (SBS Web Applications)
    Server                        : PASVR01
    InternalUrl               : https://sites/UnifiedMessaging/Service.asmx
    ExternalUrl               :
    4) Then after getting the correct locations of all the directory I run the following commands to change the internal url on existing Certs
    Set-ClientAccessServer -Identity PASVR01 -AutodiscoverServiceInternalUri https://pasvr01/owa/autodiscover/autodiscover.xml
    Set-WebServicesVirtualDirectory -Identity "PASVR01\EWS (SBS Web Applications)" -InternalUrl https://pasvr01/owa/ews/exchange.asmx
    Set-OABVirtualDirectory -Identity "PASVR01\OAB (SBS Web Applications)" -InternalUrl https://pasvr01/owa/oab
    Set-UMVirtualDirectory -Identity "PASVR01\UnifiedMessaging (SBS Web Applications)" -InternalUrl https://pasvr01/owa/unifiedmessaging/service.asmx
    5) However, this does'nt resolved our issue so run the following commands to change the external url on existing Certs
    Set-WebServicesVirtualDirectory -Identity "PASVR01\EWS (SBS Web Applications)" -ExternalUrl https://exchange.domain.com/owa/ews/exchange.asmx
    Set-OABVirtualDirectory -Identity "PASVR01\OAB (SBS Web Applications)" -ExternalUrl https://exchange.domain.com/owa/oab
    Set-UMVirtualDirectory -Identity "PASVR01\UnifiedMessaging (SBS Web Applications)" -ExternalUrl https://exchange.domain.com/owa/unifiedmessaging/service.asmx
    6) I also tried running "New-ExchangeCertificate -PrivateKeyExportable $True -Services “IMAP, POP, IIS, SMTP” -SubjectName “cn=PASVR01" as I have deleted one of the certicate on this server in past.
    7) Following was the status of internal and external URL.
    [PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl
    Name                          : EWS (SBS Web Applications)
    Server                        : PASVR01
    InternalUrl               : https://pasvr01/owa/ews/exchange.asmx
    ExternalUrl              : https://exchange. exchange.domain.com /owa/ews/exchange.asmx
    [PS] C:\Windows\System32>Get-OABVirtualDirectory | fl
    Name                          : OAB (SBS Web Applications)
    Server                        : PASVR01
    InternalUrl               : https://pasvr01/owa/oab
    ExternalUrl              : https://exchange. exchange.domain.com/owa/oab
    [PS] C:\Windows\System32>Get-UMVirtualDirectory | fl
    Name                          : UnifiedMessaging (SBS Web Applications)
    Server                        : PASVR01
    InternalUrl                   : https://pasvr01/owa/unifiedmessaging/service.asmx
    ExternalUrl                   : https://exchange. exchange.domain.com/owa/unifiedmessaging/service.asmx
    10) Still we are facing this issue of "The name on the security certificate is invalid or does not match the name of the site" in outlook.
    PLEASE HELP ME TO RESOLVE THIS ISSUE.
    Thanks in Advance,
    Asif

  • Exchange 2010 - The name on the security certificate is invalid or does not match the name of the site

    Scenario - Two Domains in different forests in production
    Domain ABC.com - Contains Exchange Server 2010 + Windows 2008 R2 AD Domain controllers
    Domain XYZ.com - Windows 2008 R2 Domain controllers + Contains all users + Desktop compuer accounts.
    User logs in to the domain XYZ.com from a desktop and he configures outlook using the user ID in  domain ABC.com.
    When he opens Outlook it is getting connected and he gets an error message pop -up saying 'The name on the security 
    certificate is invalid or does not match the name of the site'
    I am using an external certificate from Thawte for autodiscover.ABC.com & webmail.ABC.com
    I read about one solution provided in MS KB article - http://support.microsoft.com/kb/2772058 
    But in my scenarion there are two domain involved. Pls guide how to clear this.
     

    Hi,
    How about logon [email protected] on ABC domain via OWA?
    If OWA works well, it seems and issue on the Autodiscover side.
    Please run "Test E-mail AutoConfiguration" on Outlook to check whether this issue caused by Certificate Mismatch.
    1.
    Firstly make sure how many host name in your certificate the certificate. Run “Get-ExchangeCertificate | select certificatedomain”.
    2.
    Secondly, check the web services URLs which Outlook are trying to connect to. Run “Test Email AutoConfiguration”.
    3.
    In this scenario, you need to check the host name for the following services:
    Autodiscover, EWS, OAB, ECP, UM
    4.
    If any of the urls above does not match the one in the certificate, refer to the following article to change it via EMS:
    http://support.microsoft.com/kb/940726 
    More details to see following FAQ on "Checklist for Exchange Certificate issues":
    http://social.technet.microsoft.com/Forums/en-US/fa78799b-5c55-4c71-973b-0e186612ff6f/checklist-for-exchange-certificate-issues?forum=exchangesvrgeneral
    Thanks
    Mavis Huang
    TechNet Community Support

  • Exchange 2013 - The name of the security certificate is invalid or does not match the name of the site

    Hi,
    I know this question has been asked a ton of times, but I haven't found any instance of this question asked for exchange 2013.  Yes, I've seen Exchange 2010, Exchange 2007, but not Exchange 2013.  The symptoms are all similar.  Here is a description:
    1 Exchange 2013 server, all roles installed.
    External domain name:  associates.com
    Internal AD domain name:  associates.local
    Client installed a third party SSL certificate, but did not purchase a SAN or UC certificate, so there is one namespace on the SSL cert, and that represents the external OWA name:  mail.associates.com
    Now, when internal OUtlook 2010 clients start, they get the "The name of the security certificate is invalid or does not match the name of the site."
    I'm just wondering if http://support.microsoft.com/kb/940726 still applies to Exchange 2013 to fix this issue.  Does this article apply to Exchange 2013?  If so, I will follow the above
    article.  If not, please direct me to any articles for Exchange 2013 that addresses this.
    the autodiscoverserviceuri points to: 
    https://netbiosnameofmailserver.associates.local/Autodiscover/Autodiscover.xml
    Thanks!
    A

    Yes, the http://support.microsoft.com/kb/940726 still applies to Exchange2013.
    As per my understanding on this post;
    - Poster's Exchange2013 has no SAN certificate.. (usually used for local address like; NETBIOS.Domain.lan).  Be reminded that SSL providers will no longer accepts .LAN or .LOCAL in very near future.
    - By default it uses local url for EWS, Autodiscover, etc.. (if you don't have SAN certificate installed in your CAS server, you would see the certi warning)
    Anyway, I just want to share my case after applying the said work around long time ago (maybe some of you might encounter it as well): my Outlook still showed the certificate warning (I was just keep clicking the YES button).. I was wondering
    that time what was wrong with my virtual directory settings.. until I decided to click "NO" for an answer to that certificate warning message, then voila! it didn't bug me anymore.  Oh by the way, the certificate warning usually give you a hint
    what triggers it like; "autodiscover.Domain.lan" on the first line of message, but in my case it just "NETBIOS.Domain.lan" (didn't make any sense, did it?).. Well, unfortunately I didn't have the chance to figure out what triggered that event.. 

  • Exchange 2013/2007 coexistence: The Name on the Security Certificate is Invalid or Does Not Match the Name of the Site.

    In the midst of Exchange 2013/2007 coexistence configuration. 
    Currently:
    Exchange 2007:
    2 CAS\HUB
    1 Mailbox server
    Exchange 2013 (2 sites):
    LA:
    1 CAS
    2 MBX servers
    MKE:
    1 CAS 
    2 MBX servers.
    We purchased a certificate from Digicert and added every SAN name we could think of including "legacy.companyname.com", just to be sure. Added certificate to Exchange 2013 CAS servers and 2007 CAS\HUB boxes. Configured virtual directories on Exchange
    2013 MKE-CAS01 but not on Exchange 2013 LA-CAS01. Configured virtual directories to on Exchange 2007 CAS\HUB to point to "legacy.companyname.com". 
    Mailboxes have not been moved yet. I just wanted to get the coexistence between Exchange 2013/2007 up first but some users (not all) receiving
    "The name of the security certificate is invalid or does not match the name of the site" for
    "LEGACY.COMPANYNAME.COM". I remember configuring the AUTODISCOVER virtual directory for Exchange 2007. Any ideas? Thank you.

    Hi,
    Please make sure that the certificate with "legacy.companyname.com" name is enabled for IIS service. We can check it by running the following command in Exchange server 2007:
    Get-ExchangeCertificate | FL
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Outlook: The name of the security certificate is invalid or does not match the name of the site

    Hey guys,
    We have setup autodiscover redirection properly (I guessed) by:
    Creating a CNAME from
    AliasName: autodiscover.tenant-domain.com TO
    PrimaryName: autodiscoverredirection.hostname.com.
    Then doing a re-direction to https autodiscover service.
    All seems to be working properly, however, when I open Outlook, it still shows the pop out saying "autodiscover.tenant-domain.com - The name of the security certificate is invalid or does not match the name of the site".
    The autodiscover redirection is indeed working properly, that's why the autodiscover is working, however it is still trying to match autodiscover.tenant-domain.com to the certitifcate instead of matching the re-directed url, which is autodiscover.hostname.com.
    Could anyone advise what is wrong? Or anyone who knows how to correct it can contact me? :)
    Jackson Yap APC Hosting http://www.apc.sg/

    Hi Jason, Well, if it is doing that, it is most likely beccause your autodiscoverredirection.hostname.com also respond to port 443/SSL. So, what you need to do is to make sure that specific IP isn't responding to 443. The reason is this, 1. You first hit
    https://autodiscover.tenant-domain.com, which this is a CNAME to autodiscoverredirection.hostname.com. So, if autodiscoverredirection.hostname.com respond to 443, it will then give you an error. If it doesn, it will then move on to perform redirection right
    away and you will not get that prompt.Regards, Kip Ng - http://blogs.technet.com/b/provtest/

  • Outlook 2007 security warning: " The name of the security certificate is invalid or does not match the name of the site" Article id 940726

    I am one of those suffering from the effects of new SAN certificate rules which will NOT support internal .Local domain names and netbios names.
    I have a simple single exchange 2010 std server in an AD domain mydomain.local and I am trying to use the Article id 940726 steps to reconfigure the exchange server. I have worked through the steps as described in the article and changed the service connection
    point object for the autodiscover service to reference my public host `mail.mydomain.com' and similarly with the ews internalurl etc. I have created a forward lookup zone on my internal AD DNS server and created a host (A) record for the external mail.mydomain.com
    to resolve to an internal ip address of the exchange (CAS) server. BUT I have not created an (A) record for autodiscover.mydomain.com because my understanding is that it isnt REQUIRED, however please correct me if I have misunderstood. I believe that domain
    joined outlook clients will use the SCP object servicebinding attribute to locate the autodiscover services. 
    After applying the changes and  recyling the MSExchangeAutodiscoverAppPool in IIS, I am struggling to understand why all my internal oulook clients (working perfectly before this change) are being presented with a windows security login box prompting
    for user credentials in the UPN format which we havent used before and isnt configured in AD. The windows security box is prepopulated with login name of `[email protected]' and I have not enabled upn logon format in AD always seen the domain\user windows
    login box.
    Test outlook email configuration fails the autodiscover tests with ...autodiscover.xml failed (0x80040113) httpstatus 503.
    Does anyone know what I have done wrong? Ofcourse if I change the SCP url back to the netbios server name.domain.local everything goes back to working as normal.
    I have searched high and low but cant seem to find a fix for this. I am beginning to wonder if the steps in article 940726 have been validated by anyone else in a similar scenario to mine.
    Any help will be highly appreciated.
    Trikz MCSE

    Hi Jason, Well, if it is doing that, it is most likely beccause your autodiscoverredirection.hostname.com also respond to port 443/SSL. So, what you need to do is to make sure that specific IP isn't responding to 443. The reason is this, 1. You first hit
    https://autodiscover.tenant-domain.com, which this is a CNAME to autodiscoverredirection.hostname.com. So, if autodiscoverredirection.hostname.com respond to 443, it will then give you an error. If it doesn, it will then move on to perform redirection right
    away and you will not get that prompt.Regards, Kip Ng - http://blogs.technet.com/b/provtest/

  • What does IO Exception "Server Certificate subjectDN CommonName received does not match Server hostname" mean?

    While trying to establish a SSL Link to a URL Connection, I got an IO
    Exception "Server Certificate subjectDN CommonName received does not match
    Server hostname" on the destConn.getOutputStream().
    What does this mean? And how do I fix it?
    System.setProperty("https.proxyHost", "xxxx");
    System.setProperty("https.proxyPort", "0000");
    System.setProperty("java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    URL destURL = new URL("URLaddress");
    URLConnection destConn = destURL.openConnection();
    ((java.net.HttpURLConnection)destConn).setRequestMethod("POST");
    destConn.setDoInput(true);
    destConn.setDoOutput(true);
    URLin = new PrintWriter( new BufferedWriter(
    new
    OutputStreamWriter(destConn.getOutputStream())));

    Hi,
    I was wondering if there was a solution for this. I am using the certficates and
    keys that came with the installation of 6.1. Do I have to regenerate them in order
    to use them in weblogic. I am getting this same error when I try to run the SSLClient
    class in the examples.security.sslclient.
    Jerry <[email protected]> wrote:
    Hi Terry,
    The server-side certificate has a DN (distinguished name) embedded in it.
    This usually looks like a full hostname -- something like www.mycomputer.com
    When you make the reaquest
    URL destURL = new URL("URLaddress");
    The string for "URLaddress" should match the DN of the certificate on the
    server that you are requesting a connection to. It needs to match because
    there is a compare of the DN in the cert, to the requested host.
    In other words, if you are connecting to www.mycomputer.com, then the server
    running on www.mycomputer.com should have a certificate with the DN
    www.mycomputer.com
    Then, when the match of the certificate DN to the requested host is done,
    it
    will succeed.
    Right now, this match appears to be failing for you.
    Cheers
    Joe Jerry
    Terry Treadwell wrote:
    While trying to establish a SSL Link to a URL Connection, I got an IO
    Exception "Server Certificate subjectDN CommonName received does not match
    Server hostname" on the destConn.getOutputStream().
    What does this mean? And how do I fix it?
    System.setProperty("https.proxyHost", "xxxx");
    System.setProperty("https.proxyPort", "0000");
    System.setProperty("java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    URL destURL = new URL("URLaddress");
    URLConnection destConn = destURL.openConnection();
    ((java.net.HttpURLConnection)destConn).setRequestMethod("POST");
    destConn.setDoInput(true);
    destConn.setDoOutput(true);
    URLin = new PrintWriter( new BufferedWriter(
    new
    OutputStreamWriter(destConn.getOutputStream())));

  • SSLException: Name in certificate "host1" does not match host name "host2"

    Hi all,
    I am using a hosted WebDAV/Subversion service to store my files. The provider has connected my domain name to the service, so now I can access the service through my domain name :-)
    However, the provider cannot assign a static dedicated IP for the server which provides my content, hence he cannot set an SSL certificate for my domain name. Any time I access the service I am getting an SSL warning telling me that the domain name does not match that on the certificate... So far had no problem with that. The Web browser, the Windows Explorer, and the Subversion client allow me to accept the connection.
    Now I need to set up some automatic build software (Maven) and it appears that the JRE has a problem with these name mismatches -- it just throws an exception and does not allow me to accept the connection :-( In order to ensure that this is a JRE problem, I have tried to connect to the service with a Java-based WebDAV client (DAVExplorer) -- same thing -- here is the message thrown by DAVExplorer:
    javax.net.ssl.SSLException: Name in certificate "his.domain.name" does not match host name "my.domain.name"
    Is there some configuration file, system property or switch that I can use to make the JRE ignore the domain name mismatch thing?
    Please help,
    Adrian.

    Here is a quick example I put together. Most of the code was autogenerated by Eclipse "Generate Delegate Methods" on the urlConn field of the class. This is just an example; I haven't given it much thought; it probably opens up other security holes and I take no responsibility for it.
    In my example, I have an SSL server with the name "dawntreader" in the certificate, but my URL is https://192.168.10.7/ which triggers the name mismatch. I have not actually tested it with maven, but looking at these docs (http://maven.apache.org/guides/mini/guide-repository-ssl.html) I think that you should be able to add the following to the MAVEN_OPTS environment variable: -Djava.protocol.handler.pkgs=MyHttpsUrlConnection and make sure the MyHttpsUrlConnection.class file is on the classpath
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.net.MalformedURLException;
    import java.net.ProtocolException;
    import java.net.URL;
    import java.security.Permission;
    import java.security.Principal;
    import java.security.cert.Certificate;
    import java.util.List;
    import java.util.Map;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLPeerUnverifiedException;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.SSLSocketFactory;
    import javax.security.auth.x500.X500Principal;
    public class MyHttpsURLConnection extends HttpsURLConnection
        static class MyHostnameVerifier implements HostnameVerifier
            private static final String EXPECTED_HOSTNAME = "dawntreader";
            private String getCN(String DN)
                String [] dnComponents = DN.split(",");
                // Find one that starts with CN=
                for (String component : dnComponents)
                    if (component.startsWith("cn="))
                        return component.substring(3);
                return "";
            @Override
            public boolean verify(String hostname, SSLSession session)
                try
                    X500Principal peerPrincipal = (X500Principal) session.getPeerPrincipal();
                    String DN = peerPrincipal.getName("CANONICAL");
                    // now parse the CN out of the effing DN
                    // We should also get the subject alternative names
                    // from the peer certificate
                    String CN = getCN(DN);
                    return CN.equals(EXPECTED_HOSTNAME);
                } catch (SSLPeerUnverifiedException e)
                    return false;
        private final HttpsURLConnection urlConn;
        public MyHttpsURLConnection(URL url) throws IOException
            super(url);
            urlConn = (HttpsURLConnection) url.openConnection();
            urlConn.setHostnameVerifier(new MyHostnameVerifier());
        public void addRequestProperty(String key, String value)
            this.urlConn.addRequestProperty(key, value);
        public void connect() throws IOException
            this.urlConn.connect();
        public void disconnect()
            this.urlConn.disconnect();
        public boolean equals(Object obj)
            return this.urlConn.equals(obj);
        public boolean getAllowUserInteraction()
            return this.urlConn.getAllowUserInteraction();
        public String getCipherSuite()
            return this.urlConn.getCipherSuite();
        public int getConnectTimeout()
            return this.urlConn.getConnectTimeout();
        public Object getContent() throws IOException
            return this.urlConn.getContent();
        public Object getContent(Class[] classes) throws IOException
            return this.urlConn.getContent(classes);
        public String getContentEncoding()
            return this.urlConn.getContentEncoding();
        public int getContentLength()
            return this.urlConn.getContentLength();
        public String getContentType()
            return this.urlConn.getContentType();
        public long getDate()
            return this.urlConn.getDate();
        public boolean getDefaultUseCaches()
            return this.urlConn.getDefaultUseCaches();
        public boolean getDoInput()
            return this.urlConn.getDoInput();
        public boolean getDoOutput()
            return this.urlConn.getDoOutput();
        public InputStream getErrorStream()
            return this.urlConn.getErrorStream();
        public long getExpiration()
            return this.urlConn.getExpiration();
        public String getHeaderField(int n)
            return this.urlConn.getHeaderField(n);
        public String getHeaderField(String name)
            return this.urlConn.getHeaderField(name);
        public long getHeaderFieldDate(String name, long Default)
            return this.urlConn.getHeaderFieldDate(name, Default);
        public int getHeaderFieldInt(String name, int Default)
            return this.urlConn.getHeaderFieldInt(name, Default);
        public String getHeaderFieldKey(int n)
            return this.urlConn.getHeaderFieldKey(n);
        public Map<String, List<String>> getHeaderFields()
            return this.urlConn.getHeaderFields();
        public HostnameVerifier getHostnameVerifier()
            return this.urlConn.getHostnameVerifier();
        public long getIfModifiedSince()
            return this.urlConn.getIfModifiedSince();
        public InputStream getInputStream() throws IOException
            return this.urlConn.getInputStream();
        public boolean getInstanceFollowRedirects()
            return this.urlConn.getInstanceFollowRedirects();
        public long getLastModified()
            return this.urlConn.getLastModified();
        public Certificate[] getLocalCertificates()
            return this.urlConn.getLocalCertificates();
        public Principal getLocalPrincipal()
            return this.urlConn.getLocalPrincipal();
        public OutputStream getOutputStream() throws IOException
            return this.urlConn.getOutputStream();
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException
            return this.urlConn.getPeerPrincipal();
        public Permission getPermission() throws IOException
            return this.urlConn.getPermission();
        public int getReadTimeout()
            return this.urlConn.getReadTimeout();
        public String getRequestMethod()
            return this.urlConn.getRequestMethod();
        public Map<String, List<String>> getRequestProperties()
            return this.urlConn.getRequestProperties();
        public String getRequestProperty(String key)
            return this.urlConn.getRequestProperty(key);
        public int getResponseCode() throws IOException
            return this.urlConn.getResponseCode();
        public String getResponseMessage() throws IOException
            return this.urlConn.getResponseMessage();
        public Certificate[] getServerCertificates() throws SSLPeerUnverifiedException
            return this.urlConn.getServerCertificates();
        public SSLSocketFactory getSSLSocketFactory()
            return this.urlConn.getSSLSocketFactory();
        public URL getURL()
            return this.urlConn.getURL();
        public boolean getUseCaches()
            return this.urlConn.getUseCaches();
        public int hashCode()
            return this.urlConn.hashCode();
        public void setAllowUserInteraction(boolean allowuserinteraction)
            this.urlConn.setAllowUserInteraction(allowuserinteraction);
        public void setChunkedStreamingMode(int chunklen)
            this.urlConn.setChunkedStreamingMode(chunklen);
        public void setConnectTimeout(int timeout)
            this.urlConn.setConnectTimeout(timeout);
        public void setDefaultUseCaches(boolean defaultusecaches)
            this.urlConn.setDefaultUseCaches(defaultusecaches);
        public void setDoInput(boolean doinput)
            this.urlConn.setDoInput(doinput);
        public void setDoOutput(boolean dooutput)
            this.urlConn.setDoOutput(dooutput);
        public void setFixedLengthStreamingMode(int contentLength)
            this.urlConn.setFixedLengthStreamingMode(contentLength);
        public void setHostnameVerifier(HostnameVerifier v)
            this.urlConn.setHostnameVerifier(v);
        public void setIfModifiedSince(long ifmodifiedsince)
            this.urlConn.setIfModifiedSince(ifmodifiedsince);
        public void setInstanceFollowRedirects(boolean followRedirects)
            this.urlConn.setInstanceFollowRedirects(followRedirects);
        public void setReadTimeout(int timeout)
            this.urlConn.setReadTimeout(timeout);
        public void setRequestMethod(String method) throws ProtocolException
            this.urlConn.setRequestMethod(method);
        public void setRequestProperty(String key, String value)
            this.urlConn.setRequestProperty(key, value);
        public void setSSLSocketFactory(SSLSocketFactory sf)
            this.urlConn.setSSLSocketFactory(sf);
        public void setUseCaches(boolean usecaches)
            this.urlConn.setUseCaches(usecaches);
        public String toString()
            return this.urlConn.toString();
        public boolean usingProxy()
            return this.urlConn.usingProxy();
        public static void main(String[] args) throws MalformedURLException, IOException
            MyHttpsURLConnection urlConn = new MyHttpsURLConnection(new URL(
                    "https://192.168.10.7/"));
            urlConn.connect();
            InputStream is = urlConn.getInputStream();
            int nread = 0;
            byte[] buf = new byte[8192];
            while ((nread = is.read(buf)) != -1)
                System.out.write(buf, 0, nread);
    }

Maybe you are looking for

  • Facing problem in writing data to excel sheet using ActiveX

    Hi. I want to write data from a one dimesional array to a particular excel sheet in a particular row.Please see the attached vi for explantion. It is giving error.But If I give a new file name when the appliation is getting closed it is writing data

  • Can't delete song files

    Running iTunes 9.1 on Windows XP Home Edition 2002, SP3. Almost every time I go to delete a song, it no longer gives me the option to delete the file so I'm not clearing any space on my drive. It does this less often for apps, but still does it. Is t

  • File Size Will Not Reduce

    I am having an odd problem that I cannot resolve.  In LR5 I chose about 15 images to Export as jpeg's onto my hard drive.  Within the Export Dialogue Box I chose Resize To Fit and set it at 2.5 megapixels.  14 of the images resized correctly.  One im

  • Code for restarting Nokia 7610

    Can you tell me what is the code that i can enter in my Nokia 7610 to re-start it, without doing the same by turning off and then turning on

  • Can the intervals in reminders be increased? Need a 2 monthly reminder.

    Can the intervals in reminders be increased? Need a 2 monthly reminder.