javax.net.ssl.SSLPeerUnverifiedException: Hostname XX.XXX.XX.XX not verified:

Question

Need some assist. Why when i enabled the SSL pinning and Test HTTPS, always getting javax.net.ssl.SSLPeerUnverifiedException error message as below:

JS: Https.request error javax.net.ssl.SSLPeerUnverifiedException: Hostname XX.XXX.XX.XX not verified:
JS: certificate: sha256/hfR9N2GN2WS1NQuHAAnOUc1gVQCf4f4HrhdlfXXP+Ko=
JS: DN: 1.2.840.113549.1.9.1=#16111315727473401578616d706c652e636f6d,CN=localhost,OU=techops,O=Example > Co,L=Boston,ST=MA,C=US
JS: subjectAltNames: []

I have this code:

 let dir = knownFolders.currentApp().getFolder('certificate')
     let certificate = dir.getFile('certificate.pem').path
  Https.enableSSLPinning({ host: 'XX.XXX.XX.XX', certificate, allowInvalidCertificates: true, validatesDomainName: false })
    Https.request({
        url: 'https://XX.XXX.XX.XX:3333/login',
        method: 'GET',
        headers: {
            "Content-type": "application/x-www-form-urlencoded",
        },
    }).then(function (response) {
        console.log('Https.request response', response);
    }).catch(function (error) {
        console.error('Https.request error', error);
    })

Can you ask me any idea please, which is a problem in my code? Or any example how to solution this error?

I'm waiting for your request.

Thanks

Answer 1

Try adding -Djavax.net.debug=ssl:handshake to the JVM parameters. It should give you a better error output.

The only thing that I can see from this is that the server that you are using java to connect to is un-trusted. ie: the certificate on the server is self signed.

If you are using a self signed certificate and want to get around this look at the answer here Accept server's self-signed ssl certificate in Java client the answer by Pascal Thivent is more comprehensive then what I could give you