Custom SSL Hostname Verifier - SSL Hostname Verification Failed

Similar Messages

• Hostname Verification failed for certificate with CommonName 'gawlsdev02.ss

  Hi All,
  I want to know the meaning and the reason of this exception:
  <Jun 17, 2010 2:05:52 PM EDT> <Warning> <Security> <BEA-090504> <Certificate chain received from gawlsdev02 - 147.141.83.104 failed
  hostname verification check. Certificate contained gawlsdev02.ssga.statestr.com but check expected gawlsdev02>
  <Jun 17, 2010 2:05:52 PM EDT> <Debug> <TLS> <000000> <Hostname Verification failed for certificate with CommonName 'gawlsdev02.ssga.
  statestr.com' against hostname: gawlsdev02>
  thanks in advance.

  When Webloigic Server tries to validate the certificate, it compares te CN of the certificate with the hostname from where the request is coming from.
  If they don't match, hostname verfication fails and SSL connection is not established.
  In your case I see the CN is gawlsdev02.ssga.statestr.com whereas WLS is expecting it to be gawlsdev02.
  U can use this option to ignore host name verification
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  To know about other SSL issues, u can refer this
  http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/
  -Faisal

• Failed hostname verification check - even when disabled

  Hello Experts,
  I'm using WLS 923 configured as Admin Server that controls two Managed Servers.
  When i go to "Environment ---> Machines ---> Managed Machine ---> Monitoring ---> Node Manager Status
  It says:
  Status - Inactive
  failed hostname verification check. Certificate contained +v-ebpqadmz1+ but check expected +v-ebpqadmz1.dmzntqa.corp.adija.co.il+
  I've disabled verification check in:
  Servers ---> Managed Server -->SSL ---> Advanced ---> Hostname Verification = NONE
  How come hostname verification check is still being performed ?
  Does anyone knows how can i fix this ?
  Meanwhile i had to edit my hostsfile in order to work around it...
  Regards
  Adi J

  Please add the following parameter in your startup argument.
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  Thanks
  Togotutor
  <b><a class="jive-link-external" href="http://www.togotutor.com">http://www.togotutor.com</a> (Learn Programming and Administration for Free)</b>
  Edited by: togotutor on Aug 12, 2010 3:38 PM

• Nodemanager fails hostname verification check

  does anyone know how i might resolve this issue?
  [[NodeManager:300033]Could not execute command ping on the node manager. Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker: Failed to send command: 'ping to server 'null' to NodeManager at host: '10.32.33.2:5555' with exception [Security:090504]Certificate chain received from 10.32.33.2 - 10.32.33.2 failed hostname verification check. Certificate contained qa153 but check expected 10.32.33.2. Please ensure that the NodeManager is active on the target machine].]

  Matthew Sacks <> wrote:
  does anyone know how i might resolve this issue?
  [[NodeManager:300033]Could not execute command ping on the node manager.
  [[Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker:
  [[Failed to send command: 'ping to server 'null' to NodeManager at host:
  [['10.32.33.2:5555' with exception [Security:090504]Certificate chain
  [[received from 10.32.33.2 - 10.32.33.2 failed hostname verification
  [[check. Certificate contained qa153 but check expected 10.32.33.2.
  [[Please ensure that the NodeManager is active on the target machine].]Hi,
  - If you are using scripts:
  you can use the following options in your
  scripts: -Dweblogic.security.SSL.ignoreHostnameVerification=true
  - If you want to use it from the adminserver:
  Go to the adminserver in the console
  Go to 'SSL'
  Select 'Advanced'
  Set 'Hostname Verification' to 'none'
  And restart the adminserver.
  cheers,
  Bart
  Schelstraete Bart
  [email protected]
  http://www.schelstraete.org

• Certificate chain received from localhost 127.0.0.1 failed hostname verification check.

  Hello friends. The dns name of our server recently changed. Since that time,
  nothing except the administration node will start up. Server logs reveal the
  following information:
  Certificate chain received from localhost - 127.0.0.1 failed hostname verification
  check. Certificate contained COTHUBT but check expected localhost>
  There is one trusted certificate that was added to the cacerts keystore. Does
  it need to be removed and re added? Any other insight would be appreciated.

  "brain" <[email protected]> wrote:
  Try this if you're running version 8
  In the admin node gui.
  Click on machines
  Click on the NodeManager tab for the machine that you are interested in.
  Change hostname in listen address.
  Bounce the app server
  >
  Hello friends. The dns name of our server recently changed. Since that
  time,
  nothing except the administration node will start up. Server logs reveal
  the
  following information:
  Certificate chain received from localhost - 127.0.0.1 failed hostname
  verification
  check. Certificate contained COTHUBT but check expected localhost>
  There is one trusted certificate that was added to the cacerts keystore.
  Does
  it need to be removed and re added? Any other insight would be appreciated.

• After updating my iPhone 4s to iOS 6.1, Verification Failed: An SSL error has occurred and a secure connection to the server cannot be made. My wifi connection works; the icon is present at the top left. But Internet won't connect, be it Safari, App Store

  After updating my iPhone 4s to iOS 6.1, Verification Failed: "An SSL error has occurred and a secure connection to the server cannot be made." My wifi connection works; the icon is present at the top left. But Internet apps won't connect, be it Safari, App Store or Facebook & instagram. Push notifications also work so posts from Facebook and Instagram still pop-up. Does any one have any ideas? Thanks.

  I have the same problem.  Worked fine on Friday.  My VPN or any ssl site do not work on my iPhone 5.  Both work perfect on iPhone 4 and 4s

• How to disable hostname verification without code

  Hello.
  Is there a way to disable the hostname verification during SSL connection, ? I mean something like a system property, since i use an existing application and i've not the source to set my own custom hostname verifier.
  Thanks.
  Ephemeris Lappis

  Hi
  I faced the same problem and as I see now I'm not the only one :o)
  Did you find the way to do it, please?
  Very appreciating any inputs,
  Sincerely,
  Jabb
  null

• Error- isDefault SSL context init failed : Cannot recover key

  Hi,
  We are trying to run a sample HTTPS request from client to Server using SSL.
  Below is the the code we used to run Client program which will communicate with HTTPS server (Server Socket which will accept connections)
  Basically we created a server certificate inside Https server program and that will be exported and imported into Client directory.
  Finally when we run below client program means its giving below error
  Error- isDefault SSL context init failed : Cannot recover key
  Can anybody please help me to run this program successfully?If we you give some basic steps to check the settings what needs to be set before running this program.?
  Client Program
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider() );
  System.setProperty("javax.net.ssl.keyStore", "D:\\JavaR&D\\Rajiv\\server\\serverkeys");
  System.setProperty("javax.net.ssl.keyStoreType" ,"JKS"); /* ,"pkcs12" */
  System.setProperty("javax.net.ssl.keyStorePassword","welcome");
  System.setProperty("javax.net.ssl.trustStore" , "C:\\j2sdk1.5.0\\jre\\lib\\security\\cacerts");
  System.setProperty("javax.net.ssl.trustStorePassword" , "clientpass");
  System.setProperty("javax.net.ssl.trustStoreType","JKS"); /* ,"pkcs12" */
  System.setProperty("java.protocol.handler.pkgs" ,"com.sun.net.ssl.internal.www.protocol");
  com.sun.net.ssl.HostnameVerifier hv=new com.sun.net.ssl.HostnameVerifier() {
  public boolean verify(String urlHostname, String certHostname) {
  System.out.println("urlHostname >>" + urlHostname +"<<");
  System.out.println("certHostname >>" + certHostname +"<<");
  System.out.println("WARNING: Hostname is not matched for cert.");
  return true;
  com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);
  SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
  // server = (SSLServerSocket) factory.createServerSocket(portNumber);
  System.out.println("above socketcreation");
  SSLSocket socket = (SSLSocket)factory.createSocket("172.16.56.227",8443);
  Server Program

  Is there some kind of timeline that I can expect 8.1 to ship in?
  I appreciate being informed that this is a known issue and all, but without giving me a timeframe to expect a fix in, how can you possibly expect me to continue to pursue your products as viable options?
  To tell me to wait for 8.1, without giving me a timeframe or any further details is simply put in one word. Amatuer.
  What kind of response is this? What am I supposed to tell my supervisor? How am I supposed to explain to upper management that the application server they're telling us to use is incapable of handling the use cases our business functions require? What do you want me to do, tell them to wait for the next release without being able to give them a ballpark figure? We're a small team, us Java guys. We've already invested months is moving to a new platform. Now that platform is failing us, and the vendor hasn't got any better response than, "Oh yeah, our bad. We'll fix it next time... whenever that is..."
  If 8.1 is as half-baked as 8.0 is (BTW your deploytool is a broken piece of junk. I can reliably crash the thing in under 10 seconds) then I don't have a lot of hope for 8.1. You can bet I sure as heck won't be holding my breath for it.
  Looks like it's time to investigate the other vendors that support J2EE 1.4. Something tells me I'll have better luck with WebSphere. The hard part there will be selling managment on the idea. At least IBM is notoriously forward with their clients, even if they are expensive.
  All I'm asking for now is a timeframe for 8.1. When can we expect it? If it's before I expect to -have- to have this stuff in production I may be able to wait... but at this point, I'm disgruntled enough to not bother.
  Maybe we should investigate moving to .net. At least then when the vendor screws me I'll be expecting it.

• Default SSL context init failed: jks

  Hello to all.
  This is my first post in the Sun forums. I am a C++ programmer migrating to Java.
  I am writting a SSL client that connects to my SSL-speaking daemon. The code I am
  trying is from examples across the internet:
  ---CODE BEGINS---
  import javax.net.ssl.*;
  import javax.net.*;
  import java.net.*;
  import java.io.*;
  public class FirstClass {
  public static void main(String[] args) {
  FirstClass firstClass1 = new FirstClass();
  try {
  int port = 4433;
  String hostname = "localhost";
  SocketFactory socketFactory = SSLSocketFactory.getDefault();
  Socket socket = socketFactory.createSocket(hostname, port);
  // Create streams to securely send and receive data to the server
  InputStream in = socket.getInputStream();
  OutputStream out = socket.getOutputStream();
  // Read from in and write to out...
  // Close the socket
  in.close();
  out.close();
  } catch(IOException e) {
  System.out.println("Exception: " + e.getMessage());
  ---CODE ENDS---
  Everything goes okay in the build process, the problem is like the topic says a problem
  with the creatinon of the SSL context. Also, I run it with the appropriate params as in:
  ---CMD BEGINS---
  java \
  -Djavax.net.debug=ssl \
  -Djavax.net.ssl.keyStore=serverKeyStore \
  -Djavax.net.ssl.keyPassword=123456 \
  MySSLExample
  ---CMD ENDS---
  I have the serverKeyStore that I created with keytool and the password is
  really 123456 (tuff one, huh?). The output is:
  ---OUTPUT BEGINS---
  keyStore is : serverKeyStore
  keyStore type is : jks
  init keystore
  default context init failed: java.security.KeyStoreException: jks
  Exception: Default SSL context init failed: jks
  ---OUTPUT ENDS---
  I really don't care for trusting the certificates, I only want some kind of encryption
  on the data channels (in/out) so I could ignore the verification of the certificates.
  I also found someone on a forum that asked the same I am now, but he latter posted
  that he found the solution and left... with no solution posted.
  Thanks for any help out there,
  Rodrigo Madera

  Try
  -Djavax.net.ssl.keyStorePassword=123456
  instead of
  -Djavax.net.ssl.keyPassword=123456

• Nodemanager hostname verification failure

  Hi, on some of my machines I installed WL 9.1 on, registry.xml had the fully qualified hostname (this is good), others did not (this is bad). When the admin server tries to connect to the node manager on these machines, I get hostname verification failure because the certificate has the non qual hostname but is expecting fully qual. Simply editing registry.xml to the good value did not fix the issue.
  How does weblogic determine the value that goes in the certificate and in registry.xml?
  Can I force it somehow?
  Can I have it just regenerate the certificate?
  Any help would be appreciated.
  Thanks

  Matthew Sacks <> wrote:
  does anyone know how i might resolve this issue?
  [[NodeManager:300033]Could not execute command ping on the node manager.
  [[Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker:
  [[Failed to send command: 'ping to server 'null' to NodeManager at host:
  [['10.32.33.2:5555' with exception [Security:090504]Certificate chain
  [[received from 10.32.33.2 - 10.32.33.2 failed hostname verification
  [[check. Certificate contained qa153 but check expected 10.32.33.2.
  [[Please ensure that the NodeManager is active on the target machine].]Hi,
  - If you are using scripts:
  you can use the following options in your
  scripts: -Dweblogic.security.SSL.ignoreHostnameVerification=true
  - If you want to use it from the adminserver:
  Go to the adminserver in the console
  Go to 'SSL'
  Select 'Advanced'
  Set 'Hostname Verification' to 'none'
  And restart the adminserver.
  cheers,
  Bart
  Schelstraete Bart
  [email protected]
  http://www.schelstraete.org

• How to disable hostname verification on iplanet reverse proxy

  I am looking for a way to disable hostname verification of the application server url specified in teh reverse proxy setup.
  I am using the following setting in my Object definitions. It is failing due to the certificate CN is not matching the url I specified
  The error is :
  for host xx.yy.zz.ww trying to GET /uri/loginAction.do, service-http reports: HTTP7758: error sending request (SSL_ERROR_BAD_CERT_DOMAIN: Requested domain name does not match the server's certificate.)
  Route fn="set-origin-server" server="https://bbb.com:7002/" poll-timeout="20000" retries="2"
  My tomcat certificate CN has  aaa.com
  While I am using the tomcat on bbb.com.
  Is there any way to disable hostname verification on a reverproxy setup. I am unable to find any relevant documentation on this.
  The closest discussion I found was https://forums.oracle.com/thread/1943116 but it did not conclude anything.

  Found a solution from Oracle Knowledge base:
  This fixed our issue
  <Object name="reverse-proxy-/abc">
  ObjectType fn="ssl-client-config" validate-server-cert="false"
  Route fn="set-origin-server" server="https://server1.test.com:11011" server="https://server2.test.com:11011"
  </Object>

• X509 certificates, hostname verification and SunCluster 3.1 failover.

  Hi,
  A newbie question - having an existing non clustered architecture and trying to decide how to use the SunCluster features.
  I have some self signed x509 certificates that are used by a process. When this process is (going to be) failed over to another machine, and the filsystem that contains the certificates also follows, what is the recommened way of ensuring that I can use the same certificates and that hostname verification etc still works.
  When I define a resource group for the filesystem and network interfaces required by this, can I also create a virtual hostname that will work on either of my cluster machines and will not confuse my SSL code when it verifies the certificates and the host?
  I think this is not a question of DNS, but a question of what happens when I want to type 'hostname' and would like to get the same result on either box that is part of our cluster. This way my certificates and application configuration would not need to be changed during a failover event.
  Thanks!

  Forget about the local hostname question - all that is important at the moment is that my keystores and truststores (created using Sun JVM keytool) are transportable and usuable on the other host without change. The network resources associated with the names in the certificates are planned to move across as part of the resource gorup).
  In theory I guess this shoud work, but I wanted to know if anyone has had any experience of doing this and there were any gotchas.
  Thanks.

• Complication if Hostname Verification Ignored enabled?

  Currently we are testing our application. The application need to
  connect to a remote system through an SSL connection. However,
  without the 'Hostname Verification Ignored' enabled, the application
  always received a UnknownHostException just until we enable the option
  above, the application can connect succesfully.
  The cert on the remote system is not a real cert yet (it will be once
  we move to production). However, we already add the CA into our
  trusted list. We are using JVM bundled with BEA WLS 6.1 SP3.
  The concern that our customer has right now is how it will affect
  production system? With this option enabled, is that meant any cert
  from any server will be accepted by the JVM/WLS as trusted?
  Currently looking at the trusted CA in the key ring, there are only 2
  company supported by default (Verisign and Thawte), is there any
  specific documentation on how to include another CA into WLS trusted
  list?
  Thank you,
  Irawan.

  I did some more research for the issue mentioned which I yet to get rid of.
  1) I wrote a REST web service which makes a call to another REST service deployed on another weblogic using HTTPs (same code as mentioned above is used). I delpoyed the war and made a http call to the first webservice, the other REST service was invoked successfully using HTTPs. So this confirmed that there is no problem with the certificates or keystore or hostname verifictaion.
  2) My actual application still throws the handshake exception as below -
  <Warning> <Security> <BEA-090542> <Certificate chain received from xx.yy.zz.rrr - xx.yy.zz.rrr was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
  So I think the problem is something else but weblogic is priniting the exception message wrong.
  The process hierarchy ( in UNIX ) is as shown below -
  bea 31914 31913 0 14:29 ? 00:00:00 /bin/sh <DOMAIN HOME>//bin/startWebLogic.sh
  bea 31989 31914 0 14:29 ? 00:01:25 /opt/bea/jdk160_24/bin/java <The weblogic start server process> started by startWebLogic.sh
  bea 32107 31989 0 14:29 ? 00:00:09 /opt/bea/jdk160_24/bin/java <One of custom process>
  bea 2038 32107 0 18:38 ? 00:00:15 /opt/bea/jdk160_24/bin/java <Another custom process which contains my java classes containing the REST client>
  The problem is there in both Weblogic 11 and 10.3 version.
  I will be grateful if someone gives any clue about the problem.

• Default SSL context init failed:

  Hi All,
  i got this problem in my Web services client, i have installed correct certificate and jar deployment for the same. but there is no solution for the same.
  so please help us to solve this issue as soon as possible.
  AxisFault
  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
  faultSubcode:
  faultString: java.net.SocketException: Default SSL context init failed: null
  faultActor:
  faultNode:
  faultDetail:
  {http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Default SSL context init failed: null
  at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
  at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
  at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
  at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
  at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
  at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
  at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
  at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
  at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
  at org.apache.axis.client.Call.invoke(Call.java:2767)
  at org.apache.axis.client.Call.invoke(Call.java:2443)
  at org.apache.axis.client.Call.invoke(Call.java:2366)
  at org.apache.axis.client.Call.invoke(Call.java:1812)
  at com.ibm.ivr.webservices.IVRCDBServiceSoapBindingStub.getCustomerProfile(IVRCDBServiceSoapBindingStub.java:442)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeMobilitySOAPRPCService(CDBServiceHandler.java:269)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeSOAPRPCService(CDBServiceHandler.java:148)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.fetchCustomerProfile(CDBStaticServicesInvoker.java:201)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.getCustomerProfile(CDBStaticServicesInvoker.java:102)
  at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.peri.rnd.jsb.Jsb$MethodCall.invoke(Jsb.java:1054)
  at com.peri.rnd.jsb.Jsb$Client.invokeMethod(Jsb.java:1269)
  at com.peri.rnd.jsb.Jsb$Client.handleSendResource(Jsb.java:1398)
  at com.peri.rnd.jsb.Jsb$Client.run(Jsb.java:1552)
  at java.lang.Thread.run(Thread.java:595)
  {http://xml.apache.org/axis/}hostname:PNQAP22216
  java.net.SocketException: Default SSL context init failed: null
  at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
  at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
  at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
  at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
  at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
  at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
  at org.apache.axis.client.Call.invoke(Call.java:2767)
  at org.apache.axis.client.Call.invoke(Call.java:2443)
  at org.apache.axis.client.Call.invoke(Call.java:2366)
  at org.apache.axis.client.Call.invoke(Call.java:1812)
  at com.ibm.ivr.webservices.IVRCDBServiceSoapBindingStub.getCustomerProfile(IVRCDBServiceSoapBindingStub.java:442)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeMobilitySOAPRPCService(CDBServiceHandler.java:269)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeSOAPRPCService(CDBServiceHandler.java:148)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.fetchCustomerProfile(CDBStaticServicesInvoker.java:201)
  at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.getCustomerProfile(CDBStaticServicesInvoker.java:102)
  at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.peri.rnd.jsb.Jsb$MethodCall.invoke(Jsb.java:1054)
  at com.peri.rnd.jsb.Jsb$Client.invokeMethod(Jsb.java:1269)
  at com.peri.rnd.jsb.Jsb$Client.handleSendResource(Jsb.java:1398)
  at com.peri.rnd.jsb.Jsb$Client.run(Jsb.java:1552)
  at java.lang.Thread.run(Thread.java:595)
  Caused by: java.net.SocketException: Default SSL context init failed: null
  at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
  at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
  at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
  at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
  ... 22 more

  Help yourself. Start by doing some proper research. Paste 'java.net.SocketException: Default SSL context init failed: null' into google and see what you get: I did and I got plenty of hits.

• How to disable the certificate hostname verification?

  In JSSE changes file <http://java.sun.com/products/jsse/CHANGES.txt>
  It states the following:
  "It is sometimes useful to "disable" the certificate hostname
  verification during project development. A single certificate can now be shared among many development machines so that the hostnames don't need to match. A bug was fixed in the HttpsURLConnection hostname verifier code that now allows this functionality to work."
  Any idea on how to disable it
  Thanks
  - rayed

  this is easily achieved :
  create your own class (for example 'MyHostNameVerifier' ..) as a subclass of the JSSE HostNameVerifier and overwrite the method :
  public boolean verify(String parm1, String parm2)
  to your special needs. This method implements the verifying of hostnames..
  For your HttpsURLConnection then call
  setHostnameVerifier(new MyHostNameVerifier());
  so the HttpsURLConnection will then use MyHostNameVerifier in order to verify the hostname registered in the certificate.