
I am using a Java library that is making an HTTP connection to an endpoint that I provide it. The library is using Apache DefaultHTTPClient and I cannot change this or modify the code in any way (I know how to solve this if I create the instance of the HTTP client but I don't have access to this). It is throwing SSL exceptions when connecting to the endpoint. I have to use HTTPS and I have to use the IPs (connecting to multiple IPs with the same cert). The error I am getting is:

javax.net.ssl.SSLException: Certificate for <IP> doesn't match common name of the certificate subject: domainname

Where IP and domainname are replaced with the specific IP and domain name of the cert.

I thought if I add the IPs and hostname to my /etc/hosts file this would work, but I am still getting the exception. Is there any way to map the IPs to the hostname so the cert will be accepted? Is there anything that can be done at the JVM or even at the Linux level?

Thanks

devo
  • Based on your comment on my question you actually need a custom DNS resolver, i.e. keep the hostname in the request but let it resolve to a specific IP address in your code. – Steffen Ullrich Mar 30 '20 at 14:34

1 Answer


Is there any way to map the IPs to the hostname so the cert will be accepted?

It has to be done the other way around. You have to use the hostname in the application and not the IP address since it is expecting the subject of the certificate to match the given hostname. You can map the hostname to the relevant IP address in your hosts file though so that it uses the IP address you want.

Steffen Ullrich
  • The problem is that I need to hit each individual ip because I am getting information from that specific ip. – devo Mar 30 '20 at 13:33
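One way to apply the hosts-file mapping from the answer at the JVM level instead of in /etc/hosts, as an added example that is not part of the original thread. It assumes JDK 9 or later, where the `jdk.net.hosts.file` system property points name resolution at a private hosts file; the hostname and IP address are constructed sample values.

```java
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

public class JvmHostsMapping {
    // Constructed sample values: a reserved .test name standing in for the
    // name in the certificate, and a TEST-NET-3 documentation address.
    static final String CERT_HOSTNAME = "service.example.test";
    static final String TARGET_IP = "203.0.113.10";

    public static void main(String[] args) throws Exception {
        // Private hosts file for this JVM only, same format as /etc/hosts.
        Path hosts = Files.createTempFile("jvm-hosts", ".txt");
        Files.write(hosts, List.of(TARGET_IP + " " + CERT_HOSTNAME));
        hosts.toFile().deleteOnExit();

        // Must be set before the first name lookup in this JVM. For a
        // third-party library, pass it on the command line instead:
        //   java -Djdk.net.hosts.file=/path/to/hosts ...
        System.setProperty("jdk.net.hosts.file", hosts.toString());

        // The name now resolves to the chosen address without using DNS.
        InetAddress resolved = InetAddress.getByName(CERT_HOSTNAME);
        System.out.println(CERT_HOSTNAME + " -> " + resolved.getHostAddress());
        if (!TARGET_IP.equals(resolved.getHostAddress())) {
            throw new IllegalStateException("mapping was not applied");
        }

        // An HTTPS client handed https://service.example.test/ connects to
        // TARGET_IP while hostname verification still compares the
        // certificate against the hostname, so validation stays enabled.
    }
}
```

With this property set, only names listed in that file resolve, and each hostname maps to one address per JVM at a time.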