Name in certificate does not match hostname
I had deployed the PRD for a delimited text driver that would help us map resources in bulk to different roles. However, while testing, below is something I found in the catalina logs:
+++ Tue Jan 07 09:18:34 PST 2020 USER LOG FROM GEN_V1_DTNA-IDV_UserApp_Create Resource Association_Activity1
------ com.sssw.b2b.rt.GNVException: rt001801:Document I/O error: Name in certificate `qtnaacvdl061.us164.corpintra.net' does not match host name `idmgmt-dtna-test.qa.freightliner.com';
---> nested javax.net.ssl.SSLException: Name in certificate `qtnaacvdl061.us164.corpintra.net' does not match host name `idmgmt-dtna-test.qa.freightliner.com'
2020-01-07 09:18:34,988 ERROR [com.novell.soa.af.impl.LogEvent] (RBPM pool-1-workflow engine-ND-thread-6) [RBPM] [Workflow_Error] Initiated by cn=adminua,ou=sa,o=data, Error Message: Process requestId [a0eb4a79daee49aa8b8d7d361ff668ac], Id [cn=prdLinkResourceToRole,cn=RequestDefs,cn=AppConfig,cn=UserApp,cn=driverset1,o=system], Integration activity [Activity1]: faulted [<?xml version="1.0" encoding="UTF-8"?><m:FaultInfo xmlns:m="http://novell/extendComposer/SystemFault">
<m:ComponentName>GEN_V1_DTNA-IDV_UserApp_Create Resource Association_Activity1</m:ComponentName>
<m:DateTime>Tue Jan 07 09:18:34 PST 2020</m:DateTime>
<m:Message>com.sssw.b2b.rt.GNVException: rt001801:Document I/O error: Name in certificate `hostname of userapp server' does not match host name `vip of our IDM Dashboard';
---> nested javax.net.ssl.SSLException: Name in certificate `hostname of userapp server' does not match host name `vip of our IDM Dashboard'</m:Message>
]., Process ID: a0eb4a79daee49aa8b8d7d361ff668ac, Process Name: cn=prdLinkResourceToRole,cn=RequestDefs,cn=AppConfig,cn=UserApp,cn=driverset1,o=system:15, Activity: Activity1, Recipient: CN=adminua,OU=sa,O=data
This seems to be a certificate issue. We are facing this issue only in the lower environment. It's the same environment where we are also facing the issue of "Delete resource requests are not processed in UA driver". @elgiedavis had suggested in one of his blogs that he found the issue to be related to the certificates that were created using the ISO install. The certificate will have the IDV server's information, rather than the UserApp server's. Is this issue also related to the same?
Any help will be appreciated.
Assuming "idmgmt-dtna-test.qa.freightliner.com" is the hostname of your Identity Apps server, you will need to install a certificate with its CN or subjectAltName set to "idmgmt-dtna-test.qa.freightliner.com" on the Identity Apps tomcat.
To elaborate... With JVM 1.8 and build 120 (?) or so, Java turned on stricter security rules.
Now the host name in the URL must match the cert's Subject Alternate Name. (Not the CN of the cert, but rather you need to add a Subject Alternate Name extension in the cert. Remember to do the DNS name and the IP address. And it should probably include the local hostname, and then the OSP front end name just to be safe).
You will see this all over the place using Java after that security setting was switched on everyone.
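The name check described in the replies above, as an added example that is not part of the original thread and is not Java's or the product's own code. It assumes a verifier that consults only subjectAltName entries; the certificate dictionaries use the layout of Python's `ssl.SSLSocket.getpeercert()`, are constructed for illustration, and the IP address 192.0.2.10 is a placeholder.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object, or None when text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def dns_match(pattern, host):
    """Case-insensitive dNSName comparison; '*' is honoured only as the
    whole left-most label and never directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_covers(cert, target):
    """Return (ok, san_names). ok is True only when a subjectAltName entry
    covers target; the subject CN is never consulted (assumption: SAN-only)."""
    san = cert.get("subjectAltName", ())
    names = [f"{kind}:{value}" for kind, value in san]
    ip = _as_ip(target)
    for kind, value in san:
        if ip is not None:
            if kind == "IP Address" and _as_ip(value) == ip:
                return True, names
        elif kind == "DNS" and dns_match(value, target):
            return True, names
    return False, names

# Constructed sample data; host names are the two from the log above.
SERVER = "qtnaacvdl061.us164.corpintra.net"
VIP = "idmgmt-dtna-test.qa.freightliner.com"
SERVER_ONLY_CERT = {"subject": ((("commonName", SERVER),),),
                    "subjectAltName": (("DNS", SERVER),)}
CN_ONLY_CERT = {"subject": ((("commonName", VIP),),)}
REISSUED_CERT = {"subject": ((("commonName", VIP),),),
                 "subjectAltName": (("DNS", VIP), ("DNS", SERVER),
                                    ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("server-only", SERVER_ONLY_CERT),
                        ("CN-only", CN_ONLY_CERT), ("reissued", REISSUED_CERT)):
        print(label, san_covers(cert, VIP))
```

Only the reissued certificate, which lists the VIP name, the local host name and the IP address as SAN entries, passes for every name a client might put in the URL.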