Here's my error:
java.security.cert.CertificateException: No subject alternative DNS name matching <servername> found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <servername> found.
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_45]
    ...more...
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching <servername> found.
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:191) ~[na:1.7.0_45]
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.7.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347) ~[na:1.7.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203) ~[na:1.7.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[na:1.7.0_45]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) ~[na:1.7.0_45]
I understand that this is due to the cert CN not matching the host name.
My situation is the following: we are trying to load balance on two CAS
servers: cas1 and cas2. We have an ssl cert signed for the virtual host,
<whatever>.domain.edu ( http://domain.com/ ), which is placed on each of our
cas servers. When Shib redirects to CAS, <whatever>.domain.edu (
http://domain.com/ ), I get the login page and submit it, then I go back to
Shib and get an error. In the shib logs is the above stacktrace. I've checked
the cas.properties on each server and all looks good (set to the virtual host).
I'm running CAS 3.4.12 and CAS client 3.2.1.
Any recommendations around this issue? Thanks!
Brad Rippe
IT Project Leader
North Orange County Community College District
(714) 808-4872
[email protected]
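
Added example, not part of the original message and not JSSE's own code: a simplified model of the name check behind the exception text above, which is the message raised when a certificate carries DNS subjectAltName entries and none match the name the client connected to (the CN is not consulted in that case). The class name, method names and all host names are constructed for illustration, and wildcard handling is reduced to a whole leftmost label.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class SanCheck {
    // Case-insensitive match; "*" is accepted only as the entire leftmost
    // label ("*.example.edu") and covers exactly one label (simplification).
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p);
        }
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    // Returns null when the name is accepted, otherwise the failure text.
    // If any DNS SAN exists, only the SAN list decides; CN is a fallback
    // used solely when the certificate has no DNS SAN at all.
    static String check(String host, List<String> sanDns, String cn) {
        if (!sanDns.isEmpty()) {
            for (String san : sanDns) {
                if (matches(host, san)) {
                    return null;
                }
            }
            return "No subject alternative DNS name matching " + host + " found.";
        }
        if (cn != null && matches(host, cn)) {
            return null;
        }
        return "No name matching " + host + " found";
    }

    public static void main(String[] args) {
        // Constructed names: a virtual host in front of two back-end nodes.
        String vhost = "login.example.edu";
        List<String> nodeSans = Arrays.asList("cas1.example.edu", "cas2.example.edu");
        List<String> none = Collections.<String>emptyList();

        // SAN present but without the virtual host: rejected even though CN matches.
        System.out.println(check(vhost, nodeSans, vhost));
        // SAN lists the virtual host only: a direct call to a node name is rejected.
        System.out.println(check("cas1.example.edu", Arrays.asList(vhost), vhost));
        // No DNS SAN: CN fallback applies and the virtual host is accepted (prints null).
        System.out.println(check(vhost, none, vhost));
        // Wildcard SAN covers one label, so both the vhost and a node name pass.
        System.out.println(check("cas2.example.edu", Arrays.asList("*.example.edu"), vhost));
    }
}
```

The two failure strings differ on purpose: the "subject alternative DNS name" wording means the SAN list was the deciding input, so the SAN entries are what to compare against the exact host name in the URL the client used.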