RE: I/O Exception: Name in certificate does not match host name
Ok thanks Dave I'll look into that idea. -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: 08 April 2015 22:47 To: cf-talk Subject: Re: I/O Exception: Name in certificate does not match host name 3) The dev API is (real domain names replaced with domain1 and domain2) prerelease-api.domain2.com initially this gave the error: I/O Exception: Name in certificate `*.domain1.net' does not match host name `prelease-api.domain2.com' I tried adding to the hosts: xx.xxx.xxx.xxx prelease-api.domain1.net where xx.xxx.xxx.xxx is the resolving IP address of prelease-api.domain2.com restarted CF and called prelease-api.domain1.net in my CFHTTP request and I get a 404 error, so I no longer get the IO error but I'm not hitting the correct server/application It's possible they're looking for host headers to figure out how to resolve requests. You might be able to specify the host header separately within your CFHTTP request, but I've never tried it to be honest. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360438 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: I/O Exception: Name in certificate does not match host name
3) The dev API is (real domain names replaced with domain1 and domain2) prerelease-api.domain2.com initially this gave the error: I/O Exception: Name in certificate `*.domain1.net' does not match host name `prelease-api.domain2.com' I tried adding to the hosts: xx.xxx.xxx.xxx prelease-api.domain1.net where xx.xxx.xxx.xxx is the resolving IP address of prelease-api.domain2.com restarted CF and called prelease-api.domain1.net in my CFHTTP request and I get a 404 error, so I no longer get the IO error but I'm not hitting the correct server/application It's possible they're looking for host headers to figure out how to resolve requests. You might be able to specify the host header separately within your CFHTTP request, but I've never tried it to be honest. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360431 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: I/O Exception: Name in certificate does not match host name
I think you'll need to update the hosts file so that: prerelease-api.anotherdomain.com ...points to the right IP and then refer to: prerelease-api.anotherdomain.com ...in your code. That should make everything line up. I think this is nearly right, except that you'll need to find the IP address for prerelease-api.anotherdomain.com and create a hosts entry for prerelease-api.domain.com that points to this IP address. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360428 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: I/O Exception: Name in certificate does not match host name
Think what you might need is to add the SSL certificate to the java cacerts file as a trusted certificate. Then any sub-name for the domain will work. https://helpx.adobe.com/coldfusion/kb/import-certificates-certificate-stores-coldfusion.html This is a nice plugin for the CF Administrator to manage the cacerts, as opposed to messing with the command line. http://certman.riaforge.org/ ~Byron On Wed, Apr 8, 2015 at 5:23 AM, Ian Chapman ian.chap...@melodimedia.co.uk wrote: Hi Guys, Some time ago I posted a question about an error we were getting with MX7.1 http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353955 I have a similar problem but I believe the client is using a widlcard certificate so I get the error: I/O Exception: Name in certificate `*.domain.net' does not match host name `prerelease-api.anotherdomain.com' The difference this time is the '*.domain.net', previously it was for a determined sub domain so an aaddition to the host file resolved it. I've trid a number of things with the host file but as it's a wildcard I don't see what I would add to the hosts as any number of subdomains on domain.net could resovle to a number of IP's. Any ideas? Regards, Ian. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360427 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: I/O Exception: Name in certificate does not match host name
I think you'll need to update the hosts file so that: prerelease-api.anotherdomain.com ...points to the right IP and then refer to: prerelease-api.anotherdomain.com ...in your code. That should make everything line up. On Wed, Apr 8, 2015 at 5:23 AM, Ian Chapman ian.chap...@melodimedia.co.uk wrote: Hi Guys, Some time ago I posted a question about an error we were getting with MX7.1 http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353955 I have a similar problem but I believe the client is using a widlcard certificate so I get the error: I/O Exception: Name in certificate `*.domain.net' does not match host name `prerelease-api.anotherdomain.com' The difference this time is the '*.domain.net', previously it was for a determined sub domain so an aaddition to the host file resolved it. I've trid a number of things with the host file but as it's a wildcard I don't see what I would add to the hosts as any number of subdomains on domain.net could resovle to a number of IP's. Any ideas? Regards, Ian. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360426 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: I/O Exception: Name in certificate does not match host name
What Dave said. On Wed, Apr 8, 2015 at 10:01 AM, Dave Watts dwa...@figleaf.com wrote: I think you'll need to update the hosts file so that: prerelease-api.anotherdomain.com ...points to the right IP and then refer to: prerelease-api.anotherdomain.com ...in your code. That should make everything line up. I think this is nearly right, except that you'll need to find the IP address for prerelease-api.anotherdomain.com and create a hosts entry for prerelease-api.domain.com that points to this IP address. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360429 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: I/O Exception: Name in certificate does not match host name
I've tried it that way but no dice, let show you what I have tried: 1) Exported the cert and imported into the Truststore (this should not have been needed as it is a Thawte issued certificate which is already in the trsutstore and lack of record in the truststore causes a different IO error). This caused no change. 2) The live API is api.domain2.com initially this gave the error: (note: real domain names replaced with domain1 and domain2) I/O Exception: Name in certificate `api.domain1.net' does not match host name `api.domain2.com' So I added to the hosts: xx.xxx.xxx.xxx api.domain1.net where xx.xxx.xxx.xxx is the resolving IP address of api.domain2.com restarted CF and called api.domain1.net in my CFHTTP request and this works and I can connect to the live API when the time comes. 3) The dev API is (real domain names replaced with domain1 and domain2) prerelease-api.domain2.com initially this gave the error: I/O Exception: Name in certificate `*.domain1.net' does not match host name `prelease-api.domain2.com' I tried adding to the hosts: xx.xxx.xxx.xxx prelease-api.domain1.net where xx.xxx.xxx.xxx is the resolving IP address of prelease-api.domain2.com restarted CF and called prelease-api.domain1.net in my CFHTTP request and I get a 404 error, so I no longer get the IO error but I'm not hitting the correct server/application What Dave said. On Wed, Apr 8, 2015 at 10:01 AM, Dave Watts dwa...@figleaf.com wrote: I think you'll need to update the hosts file so that: prerelease-api.anotherdomain.com ...points to the right IP and then refer to: prerelease-api.anotherdomain.com ...in your code. That should make everything line up. I think this is nearly right, except that you'll need to find the IP address for prerelease-api.anotherdomain.com and create a hosts entry for prerelease-api.domain.com that points to this IP address. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360430 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm