CertificateException: No subject alternative DNS name found

Subject: CertificateException: No subject alternative DNS name found
Author: authen
In response to: SunCertPathBuilderException: unable to find valid certification path to requested target
Posted on: 07/03/2007 07:13:57 PM

In order to prevent man-in-the-middle attacks, the client MUST use the server hostname as expressed in the server's certificate, which is also referred to subject and is, most likely, in form of full NDS name.

env.put(Context.PROVIDER_URL, "ldap://myServerInDnsFullName:389");

Otherwise, you would get somethings like this:

javax.net.ssl.SSLPeerUnverifiedException: hostname of the server 'myServer' does not match the hostname in the server's certificate.
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:437)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:216)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:161)
at com.rli.slapd.client.ExternalTSLJndiClient.main(ExternalTSLJndiClient.java:122)
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching myServe found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
... 3 more

>
> On 07/03/2007 07:12:25 PM authen wrote:

If you do not have the correct trust store to verify server's certificate,
System.setProperty("javax.net.ssl.trustStore", "myTrustStore");

you would get somethings like this:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1522)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:180)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:861)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:111)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:509)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:447)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1034)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1061)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1045)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:344)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:208)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:161)

References:

Next Post: AuthenticationException: The server did not receive any credentials via TLS authen 07/03/2007 07:27:50 PM
Previous Post: SunCertPathBuilderException: unable to find valid certification path to requested target authen 07/03/2007 07:12:25 PM
Next Topic: Please help me about password policy control ml002 07/16/2007 05:50:18 AM
Previous Topic: StartTLS - Code Example: Explicit Assertion of Client's Authorization Identity authen 07/03/2007 06:28:27 PM
Index: by Date
Index: by Topic