HTTPS hostname wrong: should be myhostname

Similar Messages

• Java.io.IOException: HTTPS hostname wrong:  should be localhost

  I'm having problems verifying an SSL client using Tomcat v5.x. I create a key in a particular keystore, let's call it C:\tomcat. I start tomcat specifying this file as the keystore to use. I then connect to the server on port 8443 with Internet Explorer and save the certificate returned from the server in a file. I then import the certificate into a keystore, let's say C:\tomcat_client. In my SSL client code I am specifiying the keystore to use with a System.setProperty("javax.net.ssl.trustStore", "C://tomcat_client"); However when I try to retrieve an output stream from a HttpURLConnection I receive the above exception. Any ideas what is happening ?
  Exception : java.io.IOException: HTTPS hostname wrong: should be <localhost>
  I have tried a variety of other options including importing the certificate into jssecacerts in the lib/security directory of the jre I am using to execute the SSL client, using the same keystore file for tomcat and the SSL client, etc.

  Hi Everybody!
  I've had a lot of problems with HTTPS connection. But finally I found a solution that works for me. So here is the Servlet:
  * File name: TestServlet.java
  * Created on 2005.01.21.
  package georgie.test.servlet;
  import java.io.BufferedReader;
  import java.io.IOException;
  import java.io.InputStreamReader;
  import java.net.URL;
  import javax.net.ssl.HostnameVerifier;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.SSLSession;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServlet;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  * @author Gy�rgy Nov�k
  public class TestServlet extends HttpServlet
      protected void doGet(HttpServletRequest request,
              HttpServletResponse response) throws ServletException, IOException
          try
              trustAllHttpsCertificates();
              String urlStr = request.getParameter("url");
              HttpsURLConnection.setDefaultHostnameVerifier(hv);
              URL url = new URL(urlStr == null ? "https://www.verisign.com/"
                      : urlStr);
              debug("URL READY");
              BufferedReader in = new BufferedReader(new InputStreamReader(url
                      .openStream()));
              debug("INPUT READY");
              int buff;
              while ((buff = in.read()) != -1)
              in.close();
              debug("EVERYTHING IS DONE!!!");
          catch (Exception e)
              e.printStackTrace();
      HostnameVerifier hv = new HostnameVerifier()
          public boolean verify(String urlHostName, SSLSession session)
              System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                      + session.getPeerHost());
              return true;
      private void debug(String s)
          System.out.println("[DEBUG] -- TestServlet -- \n" + s);
      private static void trustAllHttpsCertificates() throws Exception
          //  Create a trust manager that does not validate certificate chains:
          javax.net.ssl.TrustManager[] trustAllCerts =
          new javax.net.ssl.TrustManager[1];
          javax.net.ssl.TrustManager tm = new miTM();
          trustAllCerts[0] = tm;
          javax.net.ssl.SSLContext sc =
          javax.net.ssl.SSLContext.getInstance("SSL");
          sc.init(null, trustAllCerts, null);
          javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
          sc.getSocketFactory());
      public static class miTM implements javax.net.ssl.TrustManager,
              javax.net.ssl.X509TrustManager
          public java.security.cert.X509Certificate[] getAcceptedIssuers()
              return null;
          public boolean isServerTrusted(
                  java.security.cert.X509Certificate[] certs)
              return true;
          public boolean isClientTrusted(
                  java.security.cert.X509Certificate[] certs)
              return true;
          public void checkServerTrusted(
                  java.security.cert.X509Certificate[] certs, String authType)
                  throws java.security.cert.CertificateException
              return;
          public void checkClientTrusted(
                  java.security.cert.X509Certificate[] certs, String authType)
                  throws java.security.cert.CertificateException
              return;
  }Wish You all the best:
  Georgie

• Different "java.io.IOException: HTTPS hostname wrong:  should be ..." error

  Hi
       I am experiencing some problems using SSL with Java 1.4.2_12 which appear to be subtly different to the ones posted earlier in this forum.
       ProcessA is trying to establish an HTTPS connection with an Apache server but gets the following error whilst trying to open the stream:
       java.io.IOException: HTTPS hostname wrong: should be <nnn.nnn.nnn.n>
       ProcessA obtains the IP to connect to from local config and this exactly matches the IP the IOEXception says it should be! Consequently I am confused as to why JSSE complains.
       I checked the certificates in the local keystore and the CN is also identical to the supplied IP
       I do not have the authority to tinker with the Apache configuration so I can't try anything else out. I must have missed a step somewhere but I am at a loss as to what. If anyone can shed some light on what may be happening here, I'd be obliged.
       thanks

  Ejp: please accept my apologies for the hugely late response to this.
  The problem was indeed at the server end. I had already employed the HostnameVerifier but after some badgering of the server admin the problem was nailed as exactyly what you said.
  Thanks (and apologies) again.

• HTTPS hostname wrong:  should be myhost

  Hello everybody:
  I developed some servlets using jre 1.5 and Tomcat 5.0. Now, I have to deploy them in Oracle IAS 10g 1.3.
  Everything is okay, except https connection, and I don't know what to do: It works fine in Tomcat 5.0 and OC4J (oc4j_extended_101300) but not in IAS 1.3.
  This is my code:
  // protocol handler uses this security provider
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  com.sun.net.ssl.HostnameVerifier hv=new com.sun.net.ssl.HostnameVerifier() {
  public boolean verify(String urlHostname, String certHostname) {
  System.out.println("WARNING: Hostname is not matched for cert.");//<-This is never shown
  return true;
  com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);
  And this is the server response:
  06/02/27 12:50:42 java.protocol.handler.pkgs: com.sun.net.ssl.internal.www.protocol
  06/02/27 12:50:42 java.io.IOException: HTTPS hostname wrong: should be <myhost>
  06/02/27 12:50:42 at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
  06/02/27 12:50:42 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
  06/02/27 12:50:42 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
  06/02/27 12:50:42 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
  06/02/27 12:50:42 at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getOutputStream(HttpsURLConnectionOldImpl.java:200)
  06/02/27 12:50:42 at aux.Conn.getHostResponse(Conn.java:255)
  06/02/27 12:50:42 at aux.Conn.responseProcess(Conn.java:366)
  06/02/27 12:50:42 at mymainclass.MyServlet.doPost(MyServlet.java:56)
  06/02/27 12:50:42 at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
  06/02/27 12:50:42 at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  06/02/27 12:50:42 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:719)
  06/02/27 12:50:42 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:376)
  06/02/27 12:50:42 at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:870)
  06/02/27 12:50:42 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)
  06/02/27 12:50:42 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:299)
  06/02/27 12:50:42 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:187)
  06/02/27 12:50:42 at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
  06/02/27 12:50:42 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303
  06/02/27 12:50:42 at java.lang.Thread.run(Thread.java:595)
  Thanks in advance

  you write your own little hostname verifier class (it is easy) and set it as the default. If you really dont care what the name of the servers URL is, then do this:
  HttpsURLConnection.setDefaultHostnameVerifier(new YourHostnameVerifier());
  YourHostNameVerifier simple has to implement HostnameVerifier interface, which is one method call. You can simply return true if you dont want it to check it (if the certificate is trusted enough, and URL does not matter).

• "HTTPS hostname wrong" for a hostname starts with a number

  Does anyone know about why HttpsClient throws the error for a hostname starts with a number. I have no problem with other hostname but only for the hostname starts with a number. The certificate works fine with Browser. I am sure the hostname in the certificate and in the request are exactly the same.
  I know how to skip the hostname verification, but I don't want to do that for security concern.
  Can sun develpoer shed some light how to verify the hostname in HttpsClient?
  java.io.IOException: HTTPS hostname wrong: should be
  <1company.mydomain.com>
  at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:574)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
  at java.net.URL.openStream(URL.java:960)
  Thanks
  Al8079

  I looked at the RFCs you mention, and they do seem to indicate that host/domain names cannot start with digits...however if you look at RFC 1123 closely it says:
  RFC1123 APPLICATIONS LAYER -- GENERAL October 1989
  2. GENERAL ISSUES
  This section contains general requirements that may be applicable to
  all application-layer protocols.
  2.1 Host Names and Numbers
  The syntax of a legal Internet host name was specified in RFC-952
  [DNS:4]. One aspect of host name syntax is hereby changed: the
  restriction on the first character is relaxed to allow either a
  letter or a digit. Host software MUST support this more liberal
  syntax.
  Host software MUST handle host names of up to 63 characters and
  SHOULD handle host names of up to 255 characters.

• HTTPS hostname wrong

  Hi everybody,
  I?m developing a client webservice throught https and I can`t connect to it, the exception thrown is:
  java.rmi.RemoteException: HTTP transport error: java.io.IOException:
  HTTPS hostname wrong:  should be <wservices.fundacioncan.com>; nested exception is:
  HTTP transport error: java.io.IOException: HTTPS hostname wrong:
    should be <wservices.fundacioncan.com>This service use a basic authentication using user and password, I used the following code to set it:
  System.setProperty("javax.net.ssl.trustStore","c:\\client.keystore");
  System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
  System.setProperty("javax.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol.https");
  java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
           // Get our port interface
         stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
          stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);For calling this service I`m using a java class without a Tomcat server, and also, I have not
  implemented the web service. I only know that it is hosted at
  the next URL
  https://wservices.fundacioncan.com:9443 and the server certificate
  that i can get from the browser shows that the Subject is www.fundacioncan.com
  Can anybody tell me what I?m doing wrong? I have read old topics about the same but nothing works.
  Thanks in advance

  You can get problems connecting over HTTPS in IE if the name on the certificate does not match the name of the site. For example if a certificate for java.sun.com had the name www.sun.com you'd get a dialog popping up saying that the name of the certificate did not match the name of the site, but that otherwise it was ok. This seems to be the error you're getting here, but you don't get the option to proceed...
  I don't know whether there is a workaround for this, I only know from my experience developing my own web service that I had to ensure the server name matched the name on the certificate. It doesn't look like you have this luxury, so I'd suggest contacting the web service provider for more info, unless someone else has a workaround.
  Chris

• Please help - HTTPS hostname wrong.

  Sorry for posting this message again. It may just be a quick help from any of you.
  I have a simple https client that produced the following error message -
  " java.io.IOException: HTTPS hostname wrong: should be <test.cat.com>, but cert says <*.cat.com> "
  I thought that the * is the wild card,thus test.cat.com should be accepted. Any ideas?
  Thanks, Jack

  I am not sure exactly what to do. Anyway the code is simple. It basically first connects to a site for logon and obtain certificate (?). And then try to connect to another site.
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
  URL url = new URL("https://login.cat.com/cgi-bin/setcookie?username=liuj&password=test"); URLConnection connection = url.openConnection();
  BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
  String inputLine;
  while ((inputLine = in.readLine()) != null)
  System.out.println(inputLine);
  in.close();
  url = new URL("https://eddweb.cat.com/");
  connection = url.openConnection();
  The exception happens at the above line -
  java.io.IOException: HTTPS hostname wrong: should be <eddweb.cat.com>, but cert says <*.cat.com>
  I know I have other issues need to work out later on. Right now I need to first resolve this problem. Thank you. Jack

• HTTPS hostname wrong - wild card?

  I have a simple https client that produced the following error message -
  " java.io.IOException: HTTPS hostname wrong: should be <test.cat.com>, but cert says <*.cat.com> "
  I thought that the * is the wild card,thus test.cat.com should be accepted. Any ideas?
  Thanks, Jack

  ok I did exactly that and it's good. However I suggest that you don't return true automatically since it bypass completely the protection. You can easily implement the check for the domain name (which is the current implementation in jsse) and then add the wildcard special cases.
  Have fun
  Francois

• OPP log shows java.io.IOException: HTTPS hostname wrong:

  Hi All -
  While running BI Publisher programs in R12.1.3 instance , we are getting below error.
  [11/14/11 10:02:33 PM] [UNEXPECTED] [82134:RT731346] java.io.IOException: HTTPS hostname wrong: should be <test0va1.mia.abc.com>
  Can anyone please help ?
  Regards

  The error is reported in these docs but I do not think it is helpful.
  Pdf Export On Worklist Throws HTTPS Hostname Wrong Exception [ID 1118694.
  E-IB: Getting "java.io.IOException: HTTPS hostname wrong: should be <*.*.*.*>, but cert says..." on Accessing External Web Service Node over HTTPS [ID 1163124.1]
  Encountering excpetion when calling an external Web Service: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed [ID 1029108.1]
  Please log a SR.
  Thanks,
  Hussein

• Java.io.IOException: HTTPS hostname wrong

  Hello
  I was trying to open a connection to secure URL and post content to it.
  I got the following exception:
  java.io.IOException: HTTPS hostname wrong: should be <165.112.121.195>
  at sun.net.www.protocol.https.HttpsClient.b(DashoA12275)
  Its apparantly because the connection is
  com.sun.net.ssl.internal.www.protocol.https.DelegateHttpsURLConnection
  not
  sun.net.ssl.www.protocol.DelegateHttpsURLConnection
  I tried setting the system property
  System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
  to force JVM to use the newer Delegate.
  Its still doent work. I use JDK 1.4.2_05. I deploy my application in OC4J 9.0.4
  Interesting thing is, I use this code in two different applications, it works in
  one and doen't work in one. Both containers use same JDK. Both are OC4J
  containers.
  Any thoughts? I would appreciate.
  thanks
  Raghavan

  Do you mean?
  System.setProperty("java.protocol.handler.pkgs","sun.net.ssl.www.protocol");

• Web service calling in HTTPS, certificate, hostname wrong

  Hi
  Im triying to call a web service running in WSO2 Carbon and I cant do it because I was geting a exception asking for a certificate.I had success importing a valid certificate, but now I get the following exception
  HTTPS hostname wrong: should be <10.36.15.100>
  this ip is the one where the WSO2 Carbon is running with the web service Im calling.
  When I consume services running in other places I gat no problem and I can consume the service running in the WsO2 with the SOAP UI, so I dont Know what happend?
  Thanks
  Ray

  Glad to help.
  I actually had a similar problem a few weeks ago. I created a remote enabled FM in our R/3 system that was called by a program in our SRM system. When I ran the FM in R/3 it worked, but from SRM, no joy.
  Eventually, I found that I had mispelled a parameter in the calling program. Since, the FM didn't exist in SRM, the calling program couldn't report any syntax error or give a dump. I corrected the spelling and it finally worked.
  Rob

• HTTPS hostname verification...

  I am using JDK1.3.1 with JSSE 1.0.1. In my dev environment, we installed a trial SSL certificate. But the host name on the certificate is different from the actual host name.
  Because of this, I am getting an exception saying that, cetificate host name is different from the server name.
  But there is a possiblity that, you can disable this hostname checking. Does anybody know about this.
  --Bala                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  Maybe this will help
  http://forum.java.sun.com/thread.jsp?forum=60&thread=130200

• Clean Access HTTP redirect wrong after IP address change

  Hi,
  Wondered if anyone had seen this:
  We have a Clean Access server running in VGW mode for VPN traffic, after a redesign the IP address has changed (the trusted and untrusted are the same).
  Unfortunately when a user logs in it still uses the old IP address in the HTTP redirect, this has been confirmed by looking at the HTML source.
  Apart from that it looks fine, new SSL certificate etc.
  Any ideas apopreciated, thanks.
  Jim.

  For all deployments, if planning to configure the Clean Access Server in Virtual Gateway mode (IB or OOB), do not connect the untrusted interface (eth1) of the standalone CAS or HA-Primary CAS until after you have added the CAS to the CAM from the web admin console. For Virtual Gateway HA-CAS pairs, also do not connect the eth1 interface of the HA-Secondary CAS until after HA configuration is fully complete. Keeping the eth1 interface connected while performing initial installation and configuration of the CAS for Virtual Gateway mode can result in network connectivity issues.
  When setting up a CAS in Virtual Gateway mode, you specify the same IP address for the trusted (eth0) and untrusted (eth1) network interfaces during the initial installation of the CAS via CLI. At this point in the installation, the CAS does not recognize that it is a Virtual Gateway. It will attempt to connect to the network using both interfaces, causing collisions and possible port disabling by the switch. Disconnecting the untrusted interface until after adding the CAS to the CAM in Virtual Gateway mode prevents these connectivity issues. Once the CAS has been added to the CAM in Virtual Gateway mode, you can reconnect the untrusted interface.
  Administrators must use the procedure mentioned in the below URL for correct configuration of a Virtual Gateway Central Deployment:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cas/s_instal.html#wp1045874

• How to bypass certificates

  Hi
  I am having java standalone application which uses https protocol. From here I am contacting https server, but server is saying certificate expired. Can any body tell me how to by pass the certificate such that my application will work.
  Thanks

  * When reading the content from a HTTPS connection, a <code>javax.net.ssl.SSLException:
       * untrusted server cert chain</code> can be thrown for untrusted servers. To force reading from such
       * untrusted servers, this method installs a 'all-trustung' trust manager that returns 'true' for all
       * servers.To read from a https connection, you need to call this method and install a dummy host name
       * verifier:
       * <p>
       * <center><table bgcolor="#ddddff" border=1 cellpadding="10" cellspacing="0"><tr><td><pre>
       * HttpURLConnection con = (HttpURLConnection) url.openConnection();
       * ((javax.net.ssl.HttpsURLConnection) con).setHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
       *     public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
       *         return true;
       * </pre></td></tr></table></center>
       * @throws Exception if installation of the new trust manager failed.
       static public void trustHttpsCertificates() throws Exception {
  //        System.setProperty("javax.net.debug","all"); //enable net debugging ("help" gives all options)
          Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
          //Create a trust manager that does not validate certificate chains:
          TrustManager[] trustAllCerts = new TrustManager[] {
              new X509TrustManager() {
                  public X509Certificate[] getAcceptedIssuers() {
                      return null;
                  public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                      return;
                  public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                      return;
              }//X509TrustManager
          };//TrustManager[]
          //Install the all-trusting trust manager:
          SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
         //avoid "HTTPS hostname wrong: should be <myhostname>" exception:
         HostnameVerifier hv = new HostnameVerifier() {
             public boolean verify(String urlHostName, SSLSession session) {
                 if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
                     System.out.println("Warning: URL host '"+urlHostName+"' is different to SSLSession host '"+session.getPeerHost()+"'.");
                 return true; //also accept different hostname (e.g. domain name instead of IP address)
         HttpsURLConnection.setDefaultHostnameVerifier(hv);
      }//trustHttpsCertificates()

• Netstorage wrong hostname & virtual office empty page

  Hi,
  I updates our oes box (linux) with the latest patches (not sp's) and
  ofcourse: Nothing works anymore.
  When I login into virtual office, click on the netstorage link, I get the
  following message :
  NetStorage getData:IOException
  URL = https://virtualoffice.<mydomain>:443/oneNet/xtier-login
  HTTPS hostname wrong: should be <virtualoffice.<mydomain>
  So I thought, because of a newer netstorage version, I only need to change
  the link and get rid of the ':443' section.
  I login with the admin account, click under administration on the service
  link and a beautiful empty screen appears.
  Every link under the administration gives an empty page.
  So anyone experienced this before?
  Can I change the link in a text file or do I really need to change it by use
  of the VO administrators links?
  Anyone any suggestions?
  regards,
  Peter

  Peter,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/