Highlighted
Absent Member.
Absent Member.
2586 views

UCMDB-api access using https- issues

Jump to solution

Hi,

 

 I have UCMDB / UCMDBService and ucmdb-api access enabled over HTTPS.

 

I am trying to use ucmdb-api  and fetch UCMDBServiceProvider

 

provider = UcmdbServiceFactory.getServiceProvider(protocol,ucmdbHostName, PORT);

 

I have adde the certificate in cacerts file for connection to ucmdbHost on 8443 port.

 

Still When I use provider = UcmdbServiceFactory.getServiceProvider(protocol,ucmdbHostName, PORT); Iam getting the following error. Is this a bug in ucmdb-api code or do I need to do something else for cacerts entry

 

Error

 

 

Exception in thread "main" com.hp.ucmdb.api.CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching d-xxxxx found
at com.hp.ucmdb.api.UcmdbServiceFactory.createHttpServiceProviderFactory(UcmdbServiceFactory.java:144)
at com.hp.ucmdb.api.UcmdbServiceFactory.getHttpServiceProviderFactory(UcmdbServiceFactory.java:95)
at com.hp.ucmdb.api.UcmdbServiceFactory.getHttpServiceProvider(UcmdbServiceFactory.java:88)
at com.hp.ucmdb.api.UcmdbServiceFactory.getServiceProvider(UcmdbServiceFactory.java:84)

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching d-xxxxx found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.hp.ucmdb.api.UcmdbServiceFactory.submitHTTPRequest(UcmdbServiceFactory.java:173)
at com.hp.ucmdb.api.UcmdbServiceFactory.connect(UcmdbServiceFactory.java:156)
at com.hp.ucmdb.api.UcmdbServiceFactory.createHttpServiceProviderFactory(UcmdbServiceFactory.java:130)
... 6 more
Caused by: java.security.cert.CertificateException: No name matching d-xxxxx found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 20 more
]}
LOG EVENT {Description=[Exception in thread "main" com.hp.ucmdb.api.CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching d-xxxxx found
at com.hp.ucmdb.api.UcmdbServiceFactory.createHttpServiceProviderFactory(UcmdbServiceFactory.java:144)
at com.hp.ucmdb.api.UcmdbServiceFactory.getHttpServiceProviderFactory(UcmdbServiceFactory.java:95)
at com.hp.ucmdb.api.UcmdbServiceFactory.getHttpServiceProvider(UcmdbServiceFactory.java:88)
at com.hp.ucmdb.api.UcmdbServiceFactory.getServiceProvider(UcmdbServiceFactory.java:84)

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching d-xxxxx found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.hp.ucmdb.api.UcmdbServiceFactory.submitHTTPRequest(UcmdbServiceFactory.java:173)
at com.hp.ucmdb.api.UcmdbServiceFactory.connect(UcmdbServiceFactory.java:156)
at com.hp.ucmdb.api.UcmdbServiceFactory.createHttpServiceProviderFactory(UcmdbServiceFactory.java:130)
... 6 more
Caused by: java.security.cert.CertificateException: No name matching del-xxxxx found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

 

 

P.S. This thread has been moved from Application Perf Mgmt (BAC / BSM) Support and News Forum to CMS and Discovery Support and News Forum. - Hp Forum Moderator

 

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Absent Member.
Absent Member.

Re: UCMDB-api access using https- issues

Jump to solution

What I have done is that I accept the trust source for the hostname / ip address of UCMDBServer as valid true by default if a UCMDB url is good and then ask for provider.

 

I have added various validations to be sure that i connect to proper service and versions with valid credentials.

 

Thanks for the reply. I wil try your solution next week and update the discussion.

 

Code i have used in static block

 

javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier(){

 

public boolean verify(String hostname,
javax.net.ssl.SSLSession sslSession) {
   if (hostname.equals(USER_INPUT_UCMDB_HOSTNAME)) {
       return true;
     }
  return false;
}
});

View solution in original post

0 Likes
3 Replies
Highlighted
Super Contributor.
Super Contributor.

Re: UCMDB-api access using https- issues

Jump to solution

You should add initSSL before getting service provider - see example below

 

 UcmdbServiceFactory.initSSL();

provider = UcmdbServiceFactory.getServiceProvider("https", host, port);

 

Also, you need to check if certificates were issued to valid host names.

 

regards

Gregory

Highlighted
Absent Member.
Absent Member.

Re: UCMDB-api access using https- issues

Jump to solution

What I have done is that I accept the trust source for the hostname / ip address of UCMDBServer as valid true by default if a UCMDB url is good and then ask for provider.

 

I have added various validations to be sure that i connect to proper service and versions with valid credentials.

 

Thanks for the reply. I wil try your solution next week and update the discussion.

 

Code i have used in static block

 

javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier(){

 

public boolean verify(String hostname,
javax.net.ssl.SSLSession sslSession) {
   if (hostname.equals(USER_INPUT_UCMDB_HOSTNAME)) {
       return true;
     }
  return false;
}
});

View solution in original post

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: UCMDB-api access using https- issues

Jump to solution
Hi,
I am using api-interfaces-8.jar from ucmdb-api-80.war. To be precise api-interfaces-80-9.0.0.723.jar is the exact file. but I don't see any public method for initSSL() as UcmdbServiceFactory.initSSL(); I am accepting my solution.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.