Expand my Community achievements bar.

SOLVED

Hostname in certificate didn't match

Avatar

Level 3
Level 3
2/22/22 12:06:36 AM

Hi All,

 

I am using AEM 6.5. Recently I upgraded the service package from 6.5.7 to the 6.5.11. The I find my Dispatcher Flush can't work anymore. I have two apache server apache1 and apache2, so I configured two dispatcher flush.

 In the 6.5.7, the dispatcher flush was woring. But in the 6.5.11, both of them are not working anymore and I am seeing follow error message. 

 

Error while sending request: javax.net.ssl.SSLException: hostname in certificate didn't match:

<apache1> != </demo1.com/demo2.com> 

<apache2> != </demo1.com/demo2.com>

ForrestLi_0-1645517046801.png

Does anyone know how to fix it?

 

Thanks,

Forrest

Views

1.5K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 3
Level 3
2/22/22 2:19:34 AM

Hi @ForrestLi 

 

Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.

 

You can use the below steps to diagnose and confirm the issue:

  • Check the Server’s Fully Qualified Domain Name and make sure this matches with the URL configured on the Certificate.
  • Check the CN and DNSName from the output of the command below:
keytool -list -v -keystore <keystore-directory>/.keystore

 

 

 

View solution in original post

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 3
Level 3
2/22/22 2:19:34 AM

Hi @ForrestLi 

 

Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.

 

You can use the below steps to diagnose and confirm the issue:

  • Check the Server’s Fully Qualified Domain Name and make sure this matches with the URL configured on the Certificate.
  • Check the CN and DNSName from the output of the command below:
keytool -list -v -keystore <keystore-directory>/.keystore

 

 

 

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 3
Level 3
2/28/22 7:16:54 PM
In response to Rajalakshmi

I am not install any keystore file in the AEM. For now, I know service package 6.5.11 caue the issue, but I don't know how to fix it.

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate