javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [*.t.n.c.com]

Asked Aug 25 '23 at 07:05

Active Aug 25 '23 at 07:46

Viewed 31 times

Why I'm getting this error, while the host I'd like to establish the ssl connection with matches the wildcard from the Alternative names field of the certificate?

We use

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.5.9</version>
    </dependency>

asked Aug 25 '23 at 07:05

Eljah

4,188
4
41
85

1

**It doesn't match.** _In a cert_ wildcard '*' matches only _one_ DNS level (or formally label), not multiple and not zero. See [RFC6125](https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3) and if HTTPS [RFC2818](https://datatracker.ietf.org/doc/html/rfc2818#section-3.1) – dave_thompson_085 Aug 25 '23 at 07:17
@dave_thompson_085 please post that as the official answer! – Eljah Aug 25 '23 at 07:22

javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [*.t.n.c.com]

0 Answers0

Linked