What does IO Exception "Server Certificate subjectDN CommonName received does not match Server hostname" mean?

Similar Messages

• Server certificate verification failed: issuer is not trusted

  Tried to sign in to a couple of websites lately and got this message:
  Server certificate verification failed: issuer is not trusted
  What is going on and how do you fix?

  hello, unfortunately this is an issue caused by the website, which uses an intermediary certificate but doesn't properly [https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fphp.net%2F&hideResults=on implement a trusted path to the root certificate authority].
  in order to work around that you'd have to manually install the missing certificate and trust it to verify websites in firefox: https://ssl-tools.net/certificates/a1e08f9a6a21691dc96bc3b9fa59a7cadd6d4cc4.pem

• One server certificate for one application? not for whole WebServer

  Hello,
  I am using SSL for the server- and clieint authtication. It works fine. But this authtication works for all applcations in this Webserver. How can I make it only for one application available? or one server certifiate for a certain application?
  Example:
  Config:
  <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="true" sslProtocol="SSL" keystoreFile="C:\temp\keystore\server\server.keystore" keystorePass="changeit" truststoreFile="C:\temp\keystore\server\trust.keystore" truststorePass="changeit"/>
  and all application used same server certificate:
  like: https://localhost:8443/myapp1
  https://localhost:8443/myapp2
  used same server certificate.
  How can I make one certificate for one application?
  thanks

  and I am using Tomcat 5.0 standalone

• Using Server Admin with Leopard 10.5 (not the server version)

  I have recently downloaded the Server Admin and would like to use the xgrid function. I am running Leopard 10.5 (not the server version). Is it possible to set up a server functions to use just xgrid with Server Admin and the Leopard 10.5 non server version system software. I want to set up a really small computer cluster between my macbook and imac. My problem is that I cannot seem to get a server started so I can select which functions I want to turn on (such as the xgrid). Thanks in advance for any suggestions.

  I tried several options from the link you suggested, by the xgrid lite seems to be for 10.4 Tiger. I have not been able to make it work for Leopard. Any suggestions?

• Why does Photoshop Elements 10 print dark and red, and not match the computer screen?

  I switched from Photoshop Elements 7 to Photoshop Elements 10.  I cannot get a print of a photo that matches the screen.  Photos are dark and red.  I cannot edit the photos because I do not know what will print out.   I have switched back to Photoshop 7 and my photos print fine, just as they have been edited.  I have spent hours on the Chat line with Adobe.  They have yet to help me resolve this problem.  Does anyone else have this problem or know what to do?  Adobe sure doesn't. I feel I have wasted money and am afraid to ever upgrade again.

  If you are using Photoshop Elements Editor for printing then make sure you have handled the color management of PSE correctly.
  There are two different scenario available in PSE to handle color management.
  Scenario 1 (When printer manages color). If you're known and familiar to your printer profile, the type of paper you are using and if you have any other customization done for your printer profile then in this case please select Printer Manages Color in Color Handling drop down under color management of PSE.
  To achieve this, follow these following steps.
  1. Launch Print dialog.
  2. Click on "More Options..." button.
  3. Now select Color management.
  4. Here you can see the Color Handling drop down. Please select Printer Manages Color.
  Note:- Use this scenario when you are sure a about your printer profile and settings.
  Scenario 2 (When Photoshop Elements handle color). In case you want PSE to handle all color management then please select Photoshop Elements Manages Color in Color Handling drop down. Then select the same printer profile as Image space.
  Note:- If you are using this option, make sure the color management of your Printer is off.
  Hope this will help you.

• OSX Server as spam filter only and not mail server?

  We have a mail server runnning on a Sun RAQ 550. I was wondering if I could set up OSX server 10.3.9 for spam filtering only. That is, filter spam for our domain, but have not have any accounts set up on it. Is this possible?
  Thanks in advance.

  Sorry, don't mean to be rude, but this has been answered about 5 times on this board. This is what the search function is for.
  Anyway, here we go again:
  Yes it is possible. 10.4.x has all you need. For 10.3.x you will have to manually install amavisd, spamassassin and clamAV. How-to has been discussed as well here and on http://www.afp548.com
  Once you have it everything installed, it is a matter of tweaking a few configuration files to forward scanned mail to your actual mail server.

• Hostname Verification failed for certificate with CommonName 'gawlsdev02.ss

  Hi All,
  I want to know the meaning and the reason of this exception:
  <Jun 17, 2010 2:05:52 PM EDT> <Warning> <Security> <BEA-090504> <Certificate chain received from gawlsdev02 - 147.141.83.104 failed
  hostname verification check. Certificate contained gawlsdev02.ssga.statestr.com but check expected gawlsdev02>
  <Jun 17, 2010 2:05:52 PM EDT> <Debug> <TLS> <000000> <Hostname Verification failed for certificate with CommonName 'gawlsdev02.ssga.
  statestr.com' against hostname: gawlsdev02>
  thanks in advance.

  When Webloigic Server tries to validate the certificate, it compares te CN of the certificate with the hostname from where the request is coming from.
  If they don't match, hostname verfication fails and SSL connection is not established.
  In your case I see the CN is gawlsdev02.ssga.statestr.com whereas WLS is expecting it to be gawlsdev02.
  U can use this option to ignore host name verification
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  To know about other SSL issues, u can refer this
  http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/
  -Faisal

• Server certificate

  Hi
  How to use "server certificate" to develop HTTPS or SSL proxy server.Can any one give me detail in steps.

  no U cannot . Request Verisign for another trial certificate. They provide
  asmany as u want. The only problem is that it expires in 14 days.
  Sameer
  ramesh wrote:
  Hi,
  Certificates are associated with machine names. You cannot use Certificates
  generated by/for one machine in/on another machine.
  I hope I am right.
  Ramesh
  "R1" <[email protected]> wrote in message
  news:[email protected]..
  I installed a trial server certificate from verisign on a Netscape
  Server Enterprise 4.0. I would like to duplicate this certificate on
  another server. Is it possible?
  Thanks

• DSEE Server certificate required on client side?

  I have DSEE 6.3 working in my environment but I am not sure it's configured as it should be....
  I am using tls:simple and everything works, the certificate store is setup with
  the CA and LDAP server certificates on both the LDAP servers and clients.
  Questions:
  - I was expecting the LDAP client to only require the CA certificate however that didn't work!?
  - Shouldn't the server present the server certificate and the client would accept it by validating against the CA certificate? Why would it need to have the server certificate as well?
  - If I deploy the LDAP server certificates to the clients will they all need to be replaced/updated when the server certificate expires?
  Additional info:
  My DSEE server is configured to NOT accept certificate based client authentication.
  All my certificates are valid when I check them with certutil -V
  Edited by: smorris@ on Jan 5, 2009 8:58 PM

  Hi,
  I ended up getting a certificate signed by my internal CA and it worked just as expected.
  I can only assume my CA certificate wasn't actually a CA...
  Checking the output of the commands you suggested clearly shows this - I must have been blind when I ran this last time (or looking at a different cert).
  I guess my question should now be - why was the certificate I created not a valid CA?
  Create CA:
  CA.sh -newca
  Create certdb:
  /usr/sfw/bin/certutil -A -n test-ca -t TC,, -d . -i testca.pem
  Certutil output on this CA:
  /usr/sfw/bin/certutil -d . -L
  test-ca CT,,
  /usr/sfw/bin/certutil -V -e -l -u V -d . -n test-ca
  test-ca : Issuer certificate is invalid.
  /usr/sfw/bin/certutil -d . -L -n test-ca
  Certificate:
  Data:
  Version: 3 (0x2)
  Serial Number: 0 (0x0)
  Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
  Issuer: "<snip>"
  Validity:
  Not Before: Mon Dec 08 01:57:47 2008
  Not After : Tue Dec 06 01:57:47 2016
  Subject: "<snip>"
  Subject Public Key Info:
  Public Key Algorithm: PKCS #1 RSA Encryption
  RSA Public Key:
  Modulus:
            <snip>
  Exponent: 65537 (0x10001)
  Signed Extensions:
  Name: Certificate Basic Constraints
  Data: Is not a CA.
  Name: Certificate Comment
  Comment: "OpenSSL Generated Certificate"
  Name: Certificate Subject Key ID
  Data:
  <snip>
  Name: Certificate Authority Key Identifier
  Key ID:
  <snip>
  Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
  Signature:
       <snip>
  Fingerprint (MD5):
  <snip>
  Fingerprint (SHA1):
  <snip>
  Certificate Trust Flags:
  SSL Flags:
  Valid CA
  Trusted CA
  Trusted Client CA
  Email Flags:
  Object Signing Flags:
  Edited by: smorris@ fixed format

• SSL Server Certificate

  Hi All,
  I am configuring Maintenance Optimizer in SAP Solution Manager 7.1 SP3.
  Is it mandatory to have SSL Server Certificate ?
  And if yes why SSL Server Certificate is needed?
  And if no can i proceed with the Configuration of Maintenance Optimizer?
  Kindly Suggest.
  Thanks
  Ishan

  Hi ishansangai1
  i) Is it mandatory to have SSL Server Certificate ?
  No, you dont required SSL for MOPZ ,
  SSL is different and MOPZ is different
  SSL - is for trusted certificate
  MOPZ- is used to approve support packages to download
  ii) And if no can i proceed with the Configuration of Maintenance Optimizer?
  yes proceed to configuration of MOPZ , find docs in service market place or SDN

• Certificate error - Hostname and Subject do not match

  Hi,
  SCOM: 2012 R2 UR4
  At installing agent on RedHat 6.6 I get the following error:
  Agent verification failed. Error detail: The server certificate on the destination computer (eapp202p.mydomain.net:1270) has the following errors:
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.     
  The SSL certificate contains a common name (CN) that does not match the hostname.
  The "hostname" command at linux generates: eapp202p.mydomain.net
  The "openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates" command at linux ( http://technet.microsoft.com/en-us/library/dd891009) generates: subject=eapp201p.mydomain.net.
  The above article states the following:
  If the UNIX or Linux hostname is incorrect, do one of the following:
  Change the hostname on the UNIX or Linux host to the correct one and create a new certificate.
  Create a new certificate with the desired hostname.
  The linux admin says it is impossible change the hostname.
  The question is:
  How to create a new certificate with the desired hostname?
  Thanks in advance!

  What version of the OS, X64 or X86, are you trying to install the agent on? Currently it looks like you have the X86 version installed. If this is truly a X64 bit version of the OS you need to remove the X86 bit version of the SCX agent. [rpm -e scx] then
  install the X64 bit version [rpm -ivh scx-1.5.1-138.rhel.6x64.rpm].
  Once you get that resolved look and see if you have the scxsslconfig file under /opt/microsoft/scx/bin/tools [ls -al /opt/microsoft/scx/bin/tools/scxsslconfig]. If it's there try running it as mentioned in my first post.
  Regards,
  -Steve

• OS X Server 10.9.x Client will not bind to LDAP/OD Server 10.9.x

  I've done multiple server updates, installs etc. with no luck.
  I cannot get OS X Maverick 10.9.x clients to bind to a OS X Server Maverick 10.9.x Open Directory LDAP. I've tried clients & server installs of 10.9.1 , .2, & .3 with no luck. When I go to bind I get the mesage seen below. I know it's connecting because if I pruposly put in a wrong password for the "diradmin" user it tells me that credentials are wrong. If I put in the correct password I get this message.
  The funny thing is that I still have setup two test servers with 10.7 & 10.8 server and clients of all version bind like they should. The issue is only with Mavericks Server 10.9.x
  With searching around in Apple Disscussions I've seen articles that talk about changing DNS to the Mac Server which has not helped me plus we have DNS server in our network already so I do not wish to add more.
  Anyone else having this issue?
  Thank you!

  Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
  1. The OD master must have a static IP address on the local network, not a dynamic address.
  2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. On the Accessing your Server sheet, change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
  4. Follow these instructions to rebuild the Kerberos configuration on the master.
  5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
  6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
  7. Reboot the master and the clients.
  8. Don't log in to the server with a network user's account.
  9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UID's are in the 1001+ range.

• Adobe Content Server 4.1 - Cound not find server's private key in the keystore

  Hello,
  I have getting following error when i setup fulfillment services of Adobe Content Server 4.1.1
  type Exception report
  message
  description The server encountered an internal error () that  prevented it from fulfilling this request.
  exception
  javax.servlet.ServletException: Servlet execution threw an exception
  root cause
  java.lang.Error: Cound not find server's private key in the keystore
       com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:156)
       com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
       com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
       com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
       com.adobe.adept.common.servlet.Status.doGet(Status.java:424)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
  note The full stack trace of the root cause is available in the  Apache Tomcat/6.0.20 logs.
  My fulfillment-conf.txt contains following:
  com.adobe.adept.log.level=trace
  com.adobe.adept.log.file=C:\acs4\log\fulfillment.log
  com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
  com.adobe.adept.persist.sql.dialect=mysql
  com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
  com.adobe.adept.persist.sql.user=acesdbuser
  com.adobe.adept.persist.sql.password=******
  com.adobe.adept.serviceURL=http://127.0.0.1:8080/fulfillment
  com.adobe.adept.fulfillment.security.licensesignURL=https://nasigningservice.adobe.com/licensesign
  com.adobe.adept.fulfillment.security.keystore=pkcs12
  com.adobe.adept.fulfillment.security.pkcs12.file=file:///C:/ACS4/operator.p12
  com.adobe.adept.fulfillment.security.keystore.user=operator4acs
  com.adobe.adept.fulfillment.security.keystore.password=******
  Any Idea?
  Regards,

  Are you sure you created the .p12 file with the correct '-name' friendly name? The value for -name must match the value com.adobe.adept.fulfillment.security.keystore.user

• CSD Load Data Full completing with Could not find server for data domain Error

  Hi,
  We have installed the Oracle Ebusiness suite extension with Endeca following the Oracle Support note : 1562372.1.
  We found that the CSD Load Data Full completing with below error :
  Element [ENDECA_MERGE_RECORDS0:Bulk Add/Replace Records]-Component pre-execute initialization failed.
          at org.jetel.graph.Node.run(Node.java:446)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
          at java.lang.Thread.run(Thread.java:722)
  Caused by: Failed with the following exception:
          java.rmi.RemoteException: Could not find server for data domain Error connecting to the Endeca Server. If applicable, ensure your SSL settings are correct; nested exception is:
          org.apache.axis2.AxisFault: Could not find server for data domain
          at com.endeca.clover.adapters.BaseAdapter.preExecute(BaseAdapter.java:155)
          at org.jetel.graph.Node.run(Node.java:444)
          ... 3 more
  Caused by: java.rmi.RemoteException: Could not find server for data domain Error connecting to the Endeca Server. If applicable, ensure your SSL settings are correct; nested exception is:
          org.apache.axis2.AxisFault: Could not find server for data domain
          at com.endeca.clover.adapters.DIWSConsumer.initIngestStub(DIWSConsumer.java:99)
          at com.endeca.clover.adapters.DIWSConsumer.<init>(DIWSConsumer.java:45)
          at com.endeca.clover.adapters.merge.MergeRecordsConsumer.<init>(MergeRecordsConsumer.java:51)
          at com.endeca.clover.adapters.merge.UpsertRecordsConsumer.<init>(UpsertRecordsConsumer.java:36)
          at com.endeca.clover.adapters.merge.MergeRecordsAdapter.getConsumer(MergeRecordsAdapter.java:110)
          at com.endeca.clover.adapters.DIWSAdapter.createConsumerThreads(DIWSAdapter.java:56)
          at com.endeca.clover.adapters.BaseAdapter.preExecute(BaseAdapter.java:146)
          ... 4 more
  Caused by: org.apache.axis2.AxisFault: Could not find server for data domain
          at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:446)
          at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:371)
          at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
          at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
          at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
          at com.endeca.dataingest.axis2.ingest.IngestStub.ingestChanges(IngestStub.java:791)
          at com.endeca.clover.adapters.DIWSConsumer.initIngestStub(DIWSConsumer.java:88)
          ... 10 more
  Kindly request your help in resolving this error.

  Hi,
  We have installed the Oracle Ebusiness suite extension with Endeca following the Oracle Support note : 1562372.1.
  We found that the CSD Load Data Full completing with below error :
  Element [ENDECA_MERGE_RECORDS0:Bulk Add/Replace Records]-Component pre-execute initialization failed.
          at org.jetel.graph.Node.run(Node.java:446)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
          at java.lang.Thread.run(Thread.java:722)
  Caused by: Failed with the following exception:
          java.rmi.RemoteException: Could not find server for data domain Error connecting to the Endeca Server. If applicable, ensure your SSL settings are correct; nested exception is:
          org.apache.axis2.AxisFault: Could not find server for data domain
          at com.endeca.clover.adapters.BaseAdapter.preExecute(BaseAdapter.java:155)
          at org.jetel.graph.Node.run(Node.java:444)
          ... 3 more
  Caused by: java.rmi.RemoteException: Could not find server for data domain Error connecting to the Endeca Server. If applicable, ensure your SSL settings are correct; nested exception is:
          org.apache.axis2.AxisFault: Could not find server for data domain
          at com.endeca.clover.adapters.DIWSConsumer.initIngestStub(DIWSConsumer.java:99)
          at com.endeca.clover.adapters.DIWSConsumer.<init>(DIWSConsumer.java:45)
          at com.endeca.clover.adapters.merge.MergeRecordsConsumer.<init>(MergeRecordsConsumer.java:51)
          at com.endeca.clover.adapters.merge.UpsertRecordsConsumer.<init>(UpsertRecordsConsumer.java:36)
          at com.endeca.clover.adapters.merge.MergeRecordsAdapter.getConsumer(MergeRecordsAdapter.java:110)
          at com.endeca.clover.adapters.DIWSAdapter.createConsumerThreads(DIWSAdapter.java:56)
          at com.endeca.clover.adapters.BaseAdapter.preExecute(BaseAdapter.java:146)
          ... 4 more
  Caused by: org.apache.axis2.AxisFault: Could not find server for data domain
          at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:446)
          at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:371)
          at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
          at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
          at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
          at com.endeca.dataingest.axis2.ingest.IngestStub.ingestChanges(IngestStub.java:791)
          at com.endeca.clover.adapters.DIWSConsumer.initIngestStub(DIWSConsumer.java:88)
          ... 10 more
  Kindly request your help in resolving this error.

• Server name SSL does not match subject of certificate Server-Cert

  Sun Java System Web Server 7.0U1 B06/12/2007 22:13
  We see the following warning in the startup log everytime. We have been ignoring this for awhile now since SSL is working fine and browsers don't complain. But recently we found some mobile browsers are not happy with our SSL pages. So we are thinking this may be the casue.
  warning ( 3256): CORE1251: On HTTP listener http-listener-2, server name SSL does not match subject "www.ourdomain.com" of certificate Server-Cert.
  What does this warning really mean? Do we need to rename the server name "SSL" to match the domain name?
  Thanks

  AFAIK That warning is a result of the fact that the hostname doesn't match the certificate.
  The cert has a Common Name (CN) attribute of the certificate's Subject Name or Subject Alternative Name (SAN) of type DNS name
  should match with the server's DNS name.
  hostname == machines name
  I don't know if we need to change the instances server name as well.
  I will try on my machine and and will let you know.
  Are you sure this warning is the source of your problem? Look at what Joe has written :
  "If most of your users are not getting browsers complaining of a mis-match then this is likely not the source of your mobile device problem."
  Which mobile model and browsers are you getting complains from? We can try testing it here.