HTTPS hostname wrong
Hi everybody,
I?m developing a client webservice throught https and I can`t connect to it, the exception thrown is:
java.rmi.RemoteException: HTTP transport error: java.io.IOException:
HTTPS hostname wrong: should be <wservices.fundacioncan.com>; nested exception is:
HTTP transport error: java.io.IOException: HTTPS hostname wrong:
should be <wservices.fundacioncan.com>This service use a basic authentication using user and password, I used the following code to set it:
System.setProperty("javax.net.ssl.trustStore","c:\\client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol.https");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Get our port interface
stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);For calling this service I`m using a java class without a Tomcat server, and also, I have not
implemented the web service. I only know that it is hosted at
the next URL
https://wservices.fundacioncan.com:9443 and the server certificate
that i can get from the browser shows that the Subject is www.fundacioncan.com
Can anybody tell me what I?m doing wrong? I have read old topics about the same but nothing works.
Thanks in advance
You can get problems connecting over HTTPS in IE if the name on the certificate does not match the name of the site. For example if a certificate for java.sun.com had the name www.sun.com you'd get a dialog popping up saying that the name of the certificate did not match the name of the site, but that otherwise it was ok. This seems to be the error you're getting here, but you don't get the option to proceed...
I don't know whether there is a workaround for this, I only know from my experience developing my own web service that I had to ensure the server name matched the name on the certificate. It doesn't look like you have this luxury, so I'd suggest contacting the web service provider for more info, unless someone else has a workaround.
Chris
Similar Messages
-
"HTTPS hostname wrong" for a hostname starts with a number
Does anyone know about why HttpsClient throws the error for a hostname starts with a number. I have no problem with other hostname but only for the hostname starts with a number. The certificate works fine with Browser. I am sure the hostname in the certificate and in the request are exactly the same.
I know how to skip the hostname verification, but I don't want to do that for security concern.
Can sun develpoer shed some light how to verify the hostname in HttpsClient?
java.io.IOException: HTTPS hostname wrong: should be
<1company.mydomain.com>
at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:574)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
at java.net.URL.openStream(URL.java:960)
Thanks
Al8079I looked at the RFCs you mention, and they do seem to indicate that host/domain names cannot start with digits...however if you look at RFC 1123 closely it says:
RFC1123 APPLICATIONS LAYER -- GENERAL October 1989
2. GENERAL ISSUES
This section contains general requirements that may be applicable to
all application-layer protocols.
2.1 Host Names and Numbers
The syntax of a legal Internet host name was specified in RFC-952
[DNS:4]. One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit. Host software MUST support this more liberal
syntax.
Host software MUST handle host names of up to 63 characters and
SHOULD handle host names of up to 255 characters. -
Java.io.IOException: HTTPS hostname wrong: should be localhost
I'm having problems verifying an SSL client using Tomcat v5.x. I create a key in a particular keystore, let's call it C:\tomcat. I start tomcat specifying this file as the keystore to use. I then connect to the server on port 8443 with Internet Explorer and save the certificate returned from the server in a file. I then import the certificate into a keystore, let's say C:\tomcat_client. In my SSL client code I am specifiying the keystore to use with a System.setProperty("javax.net.ssl.trustStore", "C://tomcat_client"); However when I try to retrieve an output stream from a HttpURLConnection I receive the above exception. Any ideas what is happening ?
Exception : java.io.IOException: HTTPS hostname wrong: should be <localhost>
I have tried a variety of other options including importing the certificate into jssecacerts in the lib/security directory of the jre I am using to execute the SSL client, using the same keystore file for tomcat and the SSL client, etc.Hi Everybody!
I've had a lot of problems with HTTPS connection. But finally I found a solution that works for me. So here is the Servlet:
* File name: TestServlet.java
* Created on 2005.01.21.
package georgie.test.servlet;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
* @author Gy�rgy Nov�k
public class TestServlet extends HttpServlet
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException
try
trustAllHttpsCertificates();
String urlStr = request.getParameter("url");
HttpsURLConnection.setDefaultHostnameVerifier(hv);
URL url = new URL(urlStr == null ? "https://www.verisign.com/"
: urlStr);
debug("URL READY");
BufferedReader in = new BufferedReader(new InputStreamReader(url
.openStream()));
debug("INPUT READY");
int buff;
while ((buff = in.read()) != -1)
in.close();
debug("EVERYTHING IS DONE!!!");
catch (Exception e)
e.printStackTrace();
HostnameVerifier hv = new HostnameVerifier()
public boolean verify(String urlHostName, SSLSession session)
System.out.println("Warning: URL Host: " + urlHostName + " vs. "
+ session.getPeerHost());
return true;
private void debug(String s)
System.out.println("[DEBUG] -- TestServlet -- \n" + s);
private static void trustAllHttpsCertificates() throws Exception
// Create a trust manager that does not validate certificate chains:
javax.net.ssl.TrustManager[] trustAllCerts =
new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc =
javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
sc.getSocketFactory());
public static class miTM implements javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager
public java.security.cert.X509Certificate[] getAcceptedIssuers()
return null;
public boolean isServerTrusted(
java.security.cert.X509Certificate[] certs)
return true;
public boolean isClientTrusted(
java.security.cert.X509Certificate[] certs)
return true;
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException
return;
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException
return;
}Wish You all the best:
Georgie -
Different "java.io.IOException: HTTPS hostname wrong: should be ..." error
Hi
I am experiencing some problems using SSL with Java 1.4.2_12 which appear to be subtly different to the ones posted earlier in this forum.
ProcessA is trying to establish an HTTPS connection with an Apache server but gets the following error whilst trying to open the stream:
java.io.IOException: HTTPS hostname wrong: should be <nnn.nnn.nnn.n>
ProcessA obtains the IP to connect to from local config and this exactly matches the IP the IOEXception says it should be! Consequently I am confused as to why JSSE complains.
I checked the certificates in the local keystore and the CN is also identical to the supplied IP
I do not have the authority to tinker with the Apache configuration so I can't try anything else out. I must have missed a step somewhere but I am at a loss as to what. If anyone can shed some light on what may be happening here, I'd be obliged.
thanksEjp: please accept my apologies for the hugely late response to this.
The problem was indeed at the server end. I had already employed the HostnameVerifier but after some badgering of the server admin the problem was nailed as exactyly what you said.
Thanks (and apologies) again. -
Please help - HTTPS hostname wrong.
Sorry for posting this message again. It may just be a quick help from any of you.
I have a simple https client that produced the following error message -
" java.io.IOException: HTTPS hostname wrong: should be <test.cat.com>, but cert says <*.cat.com> "
I thought that the * is the wild card,thus test.cat.com should be accepted. Any ideas?
Thanks, JackI am not sure exactly what to do. Anyway the code is simple. It basically first connects to a site for logon and obtain certificate (?). And then try to connect to another site.
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
URL url = new URL("https://login.cat.com/cgi-bin/setcookie?username=liuj&password=test"); URLConnection connection = url.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
url = new URL("https://eddweb.cat.com/");
connection = url.openConnection();
The exception happens at the above line -
java.io.IOException: HTTPS hostname wrong: should be <eddweb.cat.com>, but cert says <*.cat.com>
I know I have other issues need to work out later on. Right now I need to first resolve this problem. Thank you. Jack -
HTTPS hostname wrong: should be myhostname
WHen I connect from my SOAP client to a SOAP server via HTTP, everything works fine. But when I connect via HTTPS, I get an exception
"HTTPS hostname wrong: should be <myhostname>"
I browsed the forums for this and got the workaround
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
public boolean verify(String urlHostName, String certHostname) {
return true;
HttpsURLConnection.setDefaultHostnameVerifier(hv);
SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance();
connection = scf.createConnection(); //point-to-point connectionbut that doesn't work. Perhaps this workaround only works for url/socket connections and not for SOAP connections. Or is there a similar workaround for SOAP connections?Well, a
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());in addition helped. But I wonder how this host name check is done. I added a System.out with the values of urlHostName and session.getPeerHost() and after I changed my domain name to the IP address this error still occured without this workaround. So even though the urlHostName equals exactly the session.getPeerHost() string, the exception is still thrown. -
HTTPS hostname wrong: should be myhost
Hello everybody:
I developed some servlets using jre 1.5 and Tomcat 5.0. Now, I have to deploy them in Oracle IAS 10g 1.3.
Everything is okay, except https connection, and I don't know what to do: It works fine in Tomcat 5.0 and OC4J (oc4j_extended_101300) but not in IAS 1.3.
This is my code:
// protocol handler uses this security provider
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
com.sun.net.ssl.HostnameVerifier hv=new com.sun.net.ssl.HostnameVerifier() {
public boolean verify(String urlHostname, String certHostname) {
System.out.println("WARNING: Hostname is not matched for cert.");//<-This is never shown
return true;
com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);
And this is the server response:
06/02/27 12:50:42 java.protocol.handler.pkgs: com.sun.net.ssl.internal.www.protocol
06/02/27 12:50:42 java.io.IOException: HTTPS hostname wrong: should be <myhost>
06/02/27 12:50:42 at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
06/02/27 12:50:42 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
06/02/27 12:50:42 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
06/02/27 12:50:42 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
06/02/27 12:50:42 at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getOutputStream(HttpsURLConnectionOldImpl.java:200)
06/02/27 12:50:42 at aux.Conn.getHostResponse(Conn.java:255)
06/02/27 12:50:42 at aux.Conn.responseProcess(Conn.java:366)
06/02/27 12:50:42 at mymainclass.MyServlet.doPost(MyServlet.java:56)
06/02/27 12:50:42 at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
06/02/27 12:50:42 at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
06/02/27 12:50:42 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:719)
06/02/27 12:50:42 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:376)
06/02/27 12:50:42 at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:870)
06/02/27 12:50:42 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)
06/02/27 12:50:42 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:299)
06/02/27 12:50:42 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:187)
06/02/27 12:50:42 at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
06/02/27 12:50:42 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303
06/02/27 12:50:42 at java.lang.Thread.run(Thread.java:595)
Thanks in advanceyou write your own little hostname verifier class (it is easy) and set it as the default. If you really dont care what the name of the servers URL is, then do this:
HttpsURLConnection.setDefaultHostnameVerifier(new YourHostnameVerifier());
YourHostNameVerifier simple has to implement HostnameVerifier interface, which is one method call. You can simply return true if you dont want it to check it (if the certificate is trusted enough, and URL does not matter). -
HTTPS hostname wrong - wild card?
I have a simple https client that produced the following error message -
" java.io.IOException: HTTPS hostname wrong: should be <test.cat.com>, but cert says <*.cat.com> "
I thought that the * is the wild card,thus test.cat.com should be accepted. Any ideas?
Thanks, Jackok I did exactly that and it's good. However I suggest that you don't return true automatically since it bypass completely the protection. You can easily implement the check for the domain name (which is the current implementation in jsse) and then add the wildcard special cases.
Have fun
Francois -
OPP log shows java.io.IOException: HTTPS hostname wrong:
Hi All -
While running BI Publisher programs in R12.1.3 instance , we are getting below error.
[11/14/11 10:02:33 PM] [UNEXPECTED] [82134:RT731346] java.io.IOException: HTTPS hostname wrong: should be <test0va1.mia.abc.com>
Can anyone please help ?
RegardsThe error is reported in these docs but I do not think it is helpful.
Pdf Export On Worklist Throws HTTPS Hostname Wrong Exception [ID 1118694.
E-IB: Getting "java.io.IOException: HTTPS hostname wrong: should be <*.*.*.*>, but cert says..." on Accessing External Web Service Node over HTTPS [ID 1163124.1]
Encountering excpetion when calling an external Web Service: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed [ID 1029108.1]
Please log a SR.
Thanks,
Hussein -
Java.io.IOException: HTTPS hostname wrong
Hello
I was trying to open a connection to secure URL and post content to it.
I got the following exception:
java.io.IOException: HTTPS hostname wrong: should be <165.112.121.195>
at sun.net.www.protocol.https.HttpsClient.b(DashoA12275)
Its apparantly because the connection is
com.sun.net.ssl.internal.www.protocol.https.DelegateHttpsURLConnection
not
sun.net.ssl.www.protocol.DelegateHttpsURLConnection
I tried setting the system property
System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
to force JVM to use the newer Delegate.
Its still doent work. I use JDK 1.4.2_05. I deploy my application in OC4J 9.0.4
Interesting thing is, I use this code in two different applications, it works in
one and doen't work in one. Both containers use same JDK. Both are OC4J
containers.
Any thoughts? I would appreciate.
thanks
RaghavanDo you mean?
System.setProperty("java.protocol.handler.pkgs","sun.net.ssl.www.protocol"); -
Web service calling in HTTPS, certificate, hostname wrong
Hi
Im triying to call a web service running in WSO2 Carbon and I cant do it because I was geting a exception asking for a certificate.I had success importing a valid certificate, but now I get the following exception
HTTPS hostname wrong: should be <10.36.15.100>
this ip is the one where the WSO2 Carbon is running with the web service Im calling.
When I consume services running in other places I gat no problem and I can consume the service running in the WsO2 with the SOAP UI, so I dont Know what happend?
Thanks
RayGlad to help.
I actually had a similar problem a few weeks ago. I created a remote enabled FM in our R/3 system that was called by a program in our SRM system. When I ran the FM in R/3 it worked, but from SRM, no joy.
Eventually, I found that I had mispelled a parameter in the calling program. Since, the FM didn't exist in SRM, the calling program couldn't report any syntax error or give a dump. I corrected the spelling and it finally worked.
Rob -
HTTPS hostname verification...
I am using JDK1.3.1 with JSSE 1.0.1. In my dev environment, we installed a trial SSL certificate. But the host name on the certificate is different from the actual host name.
Because of this, I am getting an exception saying that, cetificate host name is different from the server name.
But there is a possiblity that, you can disable this hostname checking. Does anybody know about this.
--BalaMaybe this will help
http://forum.java.sun.com/thread.jsp?forum=60&thread=130200 -
Clean Access HTTP redirect wrong after IP address change
Hi,
Wondered if anyone had seen this:
We have a Clean Access server running in VGW mode for VPN traffic, after a redesign the IP address has changed (the trusted and untrusted are the same).
Unfortunately when a user logs in it still uses the old IP address in the HTTP redirect, this has been confirmed by looking at the HTML source.
Apart from that it looks fine, new SSL certificate etc.
Any ideas apopreciated, thanks.
Jim.For all deployments, if planning to configure the Clean Access Server in Virtual Gateway mode (IB or OOB), do not connect the untrusted interface (eth1) of the standalone CAS or HA-Primary CAS until after you have added the CAS to the CAM from the web admin console. For Virtual Gateway HA-CAS pairs, also do not connect the eth1 interface of the HA-Secondary CAS until after HA configuration is fully complete. Keeping the eth1 interface connected while performing initial installation and configuration of the CAS for Virtual Gateway mode can result in network connectivity issues.
When setting up a CAS in Virtual Gateway mode, you specify the same IP address for the trusted (eth0) and untrusted (eth1) network interfaces during the initial installation of the CAS via CLI. At this point in the installation, the CAS does not recognize that it is a Virtual Gateway. It will attempt to connect to the network using both interfaces, causing collisions and possible port disabling by the switch. Disconnecting the untrusted interface until after adding the CAS to the CAM in Virtual Gateway mode prevents these connectivity issues. Once the CAS has been added to the CAM in Virtual Gateway mode, you can reconnect the untrusted interface.
Administrators must use the procedure mentioned in the below URL for correct configuration of a Virtual Gateway Central Deployment:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cas/s_instal.html#wp1045874 -
Netstorage wrong hostname & virtual office empty page
Hi,
I updates our oes box (linux) with the latest patches (not sp's) and
ofcourse: Nothing works anymore.
When I login into virtual office, click on the netstorage link, I get the
following message :
NetStorage getData:IOException
URL = https://virtualoffice.<mydomain>:443/oneNet/xtier-login
HTTPS hostname wrong: should be <virtualoffice.<mydomain>
So I thought, because of a newer netstorage version, I only need to change
the link and get rid of the ':443' section.
I login with the admin account, click under administration on the service
link and a beautiful empty screen appears.
Every link under the administration gives an empty page.
So anyone experienced this before?
Can I change the link in a text file or do I really need to change it by use
of the VO administrators links?
Anyone any suggestions?
regards,
PeterPeter,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Host name wrong IOexception in HTTPS
Hi everyone,
my little HTTPS client works on www.sun.com, www.microsoft.com ect. but if i set it to access localhost (or "troy" which is the name of my machine), it gives me the following exception:
bash-2.05b$ java -Djavax.net.ssl.trustStore=key1 HTTPSclient
java.io.IOException: HTTPS hostname wrong: should be <localhost>
at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:617)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
at HTTPSclient.main(HTTPSclient.java:54)
note, i have already imported my apache's certificate into my java's trust list (the key1 keystore)
is it something do with the HostnameVerifier?
here is some codes in my client:
url = new URL ("https://localhost");
cnx= (HttpsURLConnection)url.openConnection();
InputStream input= cnx.getInputStream();
cnx.setDefaultHostnameVerifier(null) ;
Thank you very much.Hi
I had the same problem, just fixed it.Check the CN name in your certificate,it should be localhost or the server name from where you are hosting.
e.g server name : localhost
your CN name in certificate should be localhost
Hope this will solve your problem Good Luck Pal!
CT
Maybe you are looking for
-
Excel 2007 - Files will not open from outside of Excel 2007
Hello, I'm a new user of Xcelsius 2008, in fact I just had it installed yesterday. The issue I've come across ever since the install, is when I attempt to open an Excel 2007 file from My Documents window (i.e Windows Explorer) a new instance of Exce
-
Apps not automatically updating in iOS 7.1.2. Is anyone else having similar problems?
I have an iPhone 5s, iPad 3, and iPod, but a couple of days ago, my apps quit auto-updating. All devices have iOS 7.1.2. Anyone else having this problem, and is it related to the new release of iOS 8?
-
Can I change the size of just one page in acrobat 9 pro?
Hi, I have acrobat 9 pro. (I think it's great.) I would like the first page to be 57% and the other 63 pages to be 100%. Is that possible? Thanks in advance, Kidd in Paris
-
Problem in using BAPI_SALESORDER_CHANGE
Hi, We are using BAPI_SALESORDER_CHANGE for updating the delivery block information present in Shipping tab of sales order header. We are updating the below parameters and then calling the bapi. ls_header-DLV_BLOCK = 'Z1'. ls_head_update-update
-
JMS Null Characters being added to payload
Hi. I have an application which produces jms messages to a queue. Every message I have created seems to have 4 NULL characters pasted onto the end of the payload. I am experiencing the same issue with deployed applications and those just connecting t