vinayakbirla1
New Member.

Name in certificate does not match hostname

I had deployed the PRD for a delimited text driver that would help us map resources in bulk to different roles. However, while testing, I found the following in the catalina logs:

+++ Tue Jan 07 09:18:34 PST 2020 USER LOG FROM GEN_V1_DTNA-IDV_UserApp_Create Resource Association_Activity1

------ com.sssw.b2b.rt.GNVException: rt001801:Document I/O error: Name in certificate `qtnaacvdl061.us164.corpintra.net' does not match host name `idmgmt-dtna-test.qa.freightliner.com';

        ---> nested javax.net.ssl.SSLException: Name in certificate `qtnaacvdl061.us164.corpintra.net' does not match host name `idmgmt-dtna-test.qa.freightliner.com'

 

2020-01-07 09:18:34,988 ERROR [com.novell.soa.af.impl.LogEvent] (RBPM pool-1-workflow engine-ND-thread-6) [RBPM] [Workflow_Error] Initiated by cn=adminua,ou=sa,o=data, Error Message: Process requestId [a0eb4a79daee49aa8b8d7d361ff668ac], Id [cn=prdLinkResourceToRole,cn=RequestDefs,cn=AppConfig,cn=UserApp,cn=driverset1,o=system], Integration activity [Activity1]: faulted [<?xml version="1.0" encoding="UTF-8"?><m:FaultInfo xmlns:m="http://novell/extendComposer/SystemFault">

<m:ComponentName>GEN_V1_DTNA-IDV_UserApp_Create Resource Association_Activity1</m:ComponentName>

<m:DateTime>Tue Jan 07 09:18:34 PST 2020</m:DateTime>

<m:MainCode>-1</m:MainCode>

<m:SubCode>1</m:SubCode>

<m:Message>com.sssw.b2b.rt.GNVException: rt001801:Document I/O error: Name in certificate `hostname of userapp server' does not match host name `vip of our IDM Dashboard';

        ---&gt; nested javax.net.ssl.SSLException: Name in certificate `hostname of userapp server' does not match host name `vip of our IDM Dashboard'</m:Message>

</m:FaultInfo>

]., Process ID: a0eb4a79daee49aa8b8d7d361ff668ac, Process Name: cn=prdLinkResourceToRole,cn=RequestDefs,cn=AppConfig,cn=UserApp,cn=driverset1,o=system:15, Activity: Activity1, Recipient: CN=adminua,OU=sa,O=data

This seems to be a certificate issue. We are facing this issue only in the lower environment. It's the same environment where we are also facing the issue of "Delete resource requests are not processed in UA driver". @elgiedavis had suggested in one of his blogs that he found the issue to be related to the certificates that were created using the ISO install. The certificate will have the IDV server's information, rather than the UserApp server's. Is this issue also related to the same?

Any help will be appreciated.


Thanks

Vin

Micro Focus Expert

Re: Name in certificate does not match hostname

Assuming "idmgmt-dtna-test.qa.freightliner.com" is the hostname of your Identity Apps server, you will need to install a certificate with its CN or subjectAltName set to "idmgmt-dtna-test.qa.freightliner.com" on the Identity Apps tomcat.

--
Norbert
Knowledge Partner

Re: Name in certificate does not match hostname

To elaborate...  With JVM 1.8 and build 120 (?) or so, Java turned on stricter security rules.

Now the host name in the URL must match the cert's Subject Alternate Name. (Not the CN of the cert, but rather you need to add a Subject Alternate Name extension in the cert. Remember to do the DNS name and the IP address. And it should probably include the local hostname, and then the OSP front end name just to be safe.)

You will see this all over the place using Java after that security setting was switched on everyone.

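Added example (not part of the thread, and not Micro Focus or Java code): a Python check, following the replies above, that lists which of the names clients put in the URL are absent from a certificate's subjectAltName entries. The certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`; the address 192.0.2.10, the names `OLD_CERT`/`NEW_CERT`, and the SAN-only matching rule are assumptions of the example.

```python
import ipaddress

# Constructed samples shaped like ssl.SSLSocket.getpeercert() output.
# OLD_CERT names only the server's own host; NEW_CERT adds the front-end name and an IP.
OLD_CERT = {"subjectAltName": (("DNS", "qtnaacvdl061.us164.corpintra.net"),)}
NEW_CERT = {"subjectAltName": (
    ("DNS", "idmgmt-dtna-test.qa.freightliner.com"),
    ("DNS", "qtnaacvdl061.us164.corpintra.net"),
    ("IP Address", "192.0.2.10"),  # assumed address, from the documentation range
)}
# Every name or address a client might use in the URL (the IP is an assumption).
REQUIRED = ["idmgmt-dtna-test.qa.freightliner.com",
            "qtnaacvdl061.us164.corpintra.net", "192.0.2.10"]


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def san_covers(cert, host):
    """True if a subjectAltName entry of the matching type covers host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            # IP literals match only 'IP Address' entries, never DNS entries.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False


def missing_names(cert, required):
    """Names from required that no subjectAltName entry covers."""
    return [name for name in required if not san_covers(cert, name)]


if __name__ == "__main__":
    print("old cert is missing:", missing_names(OLD_CERT, REQUIRED))
    print("new cert is missing:", missing_names(NEW_CERT, REQUIRED))
```
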