SOLVED

Hostname in certificate didn't match


Hi All,

 

I am using AEM 6.5. Recently I upgraded the service package from 6.5.7 to 6.5.11. Then I found my Dispatcher Flush can't work anymore. I have two Apache servers, apache1 and apache2, so I configured two dispatcher flushes.

In 6.5.7, the dispatcher flush was working. But in 6.5.11, both of them are not working anymore and I am seeing the following error message.

 

Error while sending request: javax.net.ssl.SSLException: hostname in certificate didn't match:

<apache1> != </demo1.com/demo2.com> 

<apache2> != </demo1.com/demo2.com>


Does anyone know how to fix it?

 

Thanks,

Forrest

1 Accepted Solution


Hi @ForrestLi 

 

Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.

 

You can use the below steps to diagnose and confirm the issue:

  • Check the Server’s Fully Qualified Domain Name and make sure this matches with the URL configured on the Certificate.
  • Check the CN and DNSName from the output of the command below:
keytool -list -v -keystore <keystore-directory>/.keystore
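
The two checks above as an added example (not code from this thread or from Adobe): it reads the CN and DNSName entries out of `keytool -list -v` output and tests whether each flush-agent host is covered by them. The keytool text is a constructed sample, the function names are hypothetical, and preferring DNSName entries over the CN is an assumption about the client's verifier.

```python
import re

# Constructed sample of `keytool -list -v` output (not from the poster's server).
KEYTOOL_OUTPUT = """\
Alias name: dispatcher
Owner: CN=demo1.com, OU=Web, O=Example
Issuer: CN=Example CA, O=Example
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: demo1.com
  DNSName: demo2.com
]
"""

def cert_names(keytool_text):
    """Return (dns_names, common_name) read from keytool -list -v output."""
    dns = re.findall(r"^[ \t]*DNSName:[ \t]*(\S+)", keytool_text, re.M)
    cn = re.search(r"^Owner:.*?\bCN=([^,\n]+)", keytool_text, re.M)
    return [d.lower() for d in dns], (cn.group(1).strip().lower() if cn else None)

def name_matches(host, pattern):
    """Compare one certificate name with the host the client asked for."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    # A wildcard covers exactly one left-most label: *.demo1.com matches
    # www.demo1.com but not demo1.com or a.b.demo1.com.
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]

def host_is_covered(host, keytool_text):
    dns, cn = cert_names(keytool_text)
    # Assumption: DNSName entries take precedence, CN is only a fallback.
    candidates = dns if dns else ([cn] if cn else [])
    return any(name_matches(host, p) for p in candidates)

def check_agents(hosts, keytool_text):
    """Map each flush-agent target host to True (covered) or False."""
    return {h: host_is_covered(h, keytool_text) for h in hosts}

if __name__ == "__main__":
    hosts = ["apache1", "apache2", "demo1.com"]
    for host, ok in check_agents(hosts, KEYTOOL_OUTPUT).items():
        print(f"{host}: {'match' if ok else 'hostname in certificate does not match'}")
```

A host reported as not matching is one the agent URL uses but the certificate does not list, which is the condition behind the `<apache1> != </demo1.com/demo2.com>` message.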

 

 

 


2 Replies


I did not install any keystore file in AEM. For now, I know service package 6.5.11 caused the issue, but I don't know how to fix it.