hostname verification in weblogic

Question

I am getting following error when tried to run my web services client in Weblogic Server, tried various options suggested in various sites

Certificate chain received from aa.aa.abc.com - 123.158.127.108 failed hostname verification check. Certificate contained abc.com but check expected aa.aa.abc.com

One option is to suppress the hostname verification by using following option, which is not preferred option.

-Dweblogic.security.SSL.ignoreHostnameVerification=true
Tried setting Custom Hostname verifier through weblogic Console "weblogic.security.utils.SSLWLSWildcardHostnameVerifier", still getting same error

Tried registering my Custom Hostname verifier through code by writing dummy HostName verifier

 requestCtx.put("com.sun.xml.internal.ws.transport.https.client.hostname.verifier", new HostnameVerifier() {

                                @Override
                                public boolean verify(String hostname,
                                        SSLSession session) {
                                    return true;
                                }
                            });

above code did not help because weblogic seem to be using its own Http handler instead of SUN J2SE implementation, some even suggested to use "-DUseSunHttpHandler=true".

I want to know is there any better way to do programmatically/dynamically so that it will not have any impact on other applications ?

This indicates that the server is set up wrong. Fix the problem at the server side and don't try to weaken TLS by trying to work around a broken server setup. — Steffen Ullrich, Dec 01 '14 at 13:29
Another idea is to add a subject alternate name to your certs so that multiple hostnames will succeed: http://stackoverflow.com/questions/8744607/how-to-add-subject-alernative-name-to-ssl-certs We do this so both the IP address, short host name, and fully qualified hostname are all accepted. No code changes or java params needed — Display Name is missing, Dec 01 '14 at 18:01

score 0 · Answer 1 · answered Dec 01 '14 at 12:51

0

I remember also getting same error. Got thu it with below code snippet Try this.

     url = new URL(urlStr);

     HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();

            conn.setHostnameVerifier(new HostnameVerifier()  
            {        
                public boolean verify(String hostname, SSLSession session)  
                {  
                    return true;  
                }  
            });

answered Dec 01 '14 at 12:51

M Sach

33,416
76
221
314

2

Which in effect accepts any certificate signed by a trusted CA and thus makes you wide open for man-in-the-middle attacks. – Steffen Ullrich Dec 01 '14 at 13:28
we are not directly dealing with HttpsURLConnection , we use jaxws to send SOAP message. – ravthiru Dec 02 '14 at 05:49

hostname verification in weblogic

1 Answers1