7

Hi team i found below exception when calling an api

https://abc_xyz.stg.myweb.com/api/AuthorizedUser?username=admin&password=admin

java.security.cert.CertificateException: Illegal given domain name

when getting response from server using Jersey. Everything is fine when i get response from postman.

Why it is illegal domain name, whether browser not refuse to open this.

If my domain name not contains underscore then this exception is not rising. Is this problem of underscore in domain name?

Nitin Parashar
  • 227
  • 3
  • 13

3 Answers3

9

In case anyone see this issue again. This issue is caused by an old jdk that thinks an underscore is invalid as the sub domain name, which in a later version has been removed from the jdk. So in short upgrade jdk version will solve this issue.

homaxto
  • 5,428
  • 8
  • 37
  • 53
jacob
  • 106
  • 2
7

In case someone see this issue again and don't want to change jdk version, it is possible to disable the SSL Host name verification (and it is not the good solution but sometimes it is not possible to avoid this..) :

    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });
Fabien MIFSUD
  • 335
  • 5
  • 14
  • 1
    +1 but it could be insecure way. ref: [How to resolve Insecure HostnameVerifier](https://support.google.com/faqs/answer/7188426?hl=en) – geunho Sep 28 '22 at 04:44
0

I had the same issue, and couldn't update jdk nor wanted disable ssl host name verification. Changing the underscore character in the name to a dash ('-' instead of '_') worked perfectly. Apparently dash and underscore are evaluated the same.

Tigris
  • 133
  • 8
  • That's not true – Chad Mar 17 '21 at 15:44
  • I just ran into this same issue. I can confirm that simply replacing '_'s with '-'s in my URL did NOT work. I had to actually register the alternate DNS name to get things working. – CryptoFool Mar 02 '22 at 01:44