SOLVED

Hostname in certificate didn't match

Hi All,

 

I am using AEM 6.5. Recently I upgraded the service package from 6.5.7 to 6.5.11. Then I found that my Dispatcher Flush doesn't work anymore. I have two Apache servers, apache1 and apache2, so I configured two dispatcher flush agents.

In 6.5.7, the dispatcher flush was working. But in 6.5.11, both of them are not working anymore and I am seeing the following error message.

 

Error while sending request: javax.net.ssl.SSLException: hostname in certificate didn't match:

<apache1> != </demo1.com/demo2.com> 

<apache2> != </demo1.com/demo2.com>

Does anyone know how to fix it?

 

Thanks,

Forrest

1 Accepted Solution

Hi @ForrestLi 

 

Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.

 

You can use the below steps to diagnose and confirm the issue:

  • Check the Server’s Fully Qualified Domain Name and make sure this matches with the URL configured on the Certificate.
  • Check the CN and DNSName from the output of the command below:
      keytool -list -v -keystore <keystore-directory>/.keystore

 

 

 

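The hostname check described in the answer above, written out in Python as an added example (not part of the original answer and not AEM's or Adobe's code). The certificate dict, the agent transport URIs and all function names are constructed for illustration; the host names are the ones from the error message in the question.

```python
from urllib.parse import urlsplit

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert():
# a certificate issued for demo1.com / demo2.com, as in the error message.
SAMPLE_CERT = {
    "subject": ((("commonName", "demo1.com"),),),
    "subjectAltName": (("DNS", "demo1.com"), ("DNS", "demo2.com")),
}

# Constructed flush agent transport URIs (assumption: agents address the
# web servers by the short names apache1 / apache2 from the post).
SAMPLE_AGENT_URIS = [
    "https://apache1/dispatcher/invalidate.cache",
    "https://apache2/dispatcher/invalidate.cache",
    "https://demo1.com/dispatcher/invalidate.cache",
]


def cert_dns_names(cert):
    """Names a client matches against: SAN dNSName entries, else the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS names exist, the CN is not consulted
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(hostname, pattern):
    """Case-insensitive match; '*' only as the entire leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard covers exactly one label
    if pat[0] == "*" and len(pat) > 2:
        return bool(host[0]) and host[1:] == pat[1:]
    return host == pat


def check_agents(uris, cert):
    """Map each agent URI to (hostname, True if the certificate covers it)."""
    names = cert_dns_names(cert)
    result = {}
    for uri in uris:
        host = urlsplit(uri).hostname or ""
        result[uri] = (host, any(name_matches(host, n) for n in names))
    return result


if __name__ == "__main__":
    for uri, (host, ok) in check_agents(SAMPLE_AGENT_URIS, SAMPLE_CERT).items():
        print("OK      " if ok else "MISMATCH", host, "<-", uri)
```

The two agents addressed as apache1 and apache2 are reported as mismatches because the name in the URI, not the machine behind it, is what gets compared with the certificate.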

2 Replies

I have not installed any keystore file in AEM. For now, I know service package 6.5.11 causes the issue, but I don't know how to fix it.