Thanks.
This is working.

Csaba

On 2021-09-21 16:08, Freeman Fang wrote:
Hi,

You can specify certAlias name in

</http:tlsClientParameters>

Something like

<sec:certAlias>what_ever_suitable</sec:certAlias>


Hopefully this is what you are looking for.

Cheers

Freeman


On Tue, Sep 21, 2021 at 9:50 AM Tóth Csaba <ig...@domen.hu> wrote:

Hello!

For a webservice client (over https), the certificate sent by the server has
the wrong "name", but it has a good "alternative name".

I got javax.net.ssl.SSLHandshakeException: SSLHandshakeException.

I have very basic conduit settings:

      <http:conduit name="url*">
          <http:tlsClientParameters>
              <sec:keyManagers keyPassword="">
                  <sec:keyStore password="" resource="" type="JKS"/>
              </sec:keyManagers>
              <sec:trustManagers>
                  <sec:keyStore password="" resource="" type="JKS"/>
              </sec:trustManagers>
              <sec:cipherSuitesFilter>
                  <!-- these filters ensure that a ciphersuite with
                       export-suitable or null encryption is used, but exclude
                       anonymous Diffie-Hellman key exchange as this is
                       vulnerable to man-in-the-middle attacks -->
                  <sec:include>.*_EXPORT_.*</sec:include>
                  <sec:include>.*_EXPORT1024_.*</sec:include>
                  <sec:include>.*_WITH_DES_.*</sec:include>
                  <sec:include>.*_WITH_AES_.*</sec:include>
                  <sec:include>.*_WITH_NULL_.*</sec:include>
                  <sec:exclude>.*_DH_anon_.*</sec:exclude>
              </sec:cipherSuitesFilter>
          </http:tlsClientParameters>
      </http:conduit>

(with other https endpoints it's working)

How can I set it up to check the "alternative name" too, and not only the
"name"?


Thanks

Csaba
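
The cipherSuitesFilter in the configuration quoted above, evaluated as an added example (not part of the thread and not CXF code). It assumes an include pattern must match the whole suite name and that any exclude match removes the suite; the suite list, the stricter filter and the function names are constructed for illustration.

```python
import re

# Patterns exactly as posted in the conduit configuration.
POSTED_INCLUDE = [r".*_EXPORT_.*", r".*_EXPORT1024_.*", r".*_WITH_DES_.*",
                  r".*_WITH_AES_.*", r".*_WITH_NULL_.*"]
POSTED_EXCLUDE = [r".*_DH_anon_.*"]

# Assumed stricter alternative (not from the thread): AES-GCM suites only.
STRICT_INCLUDE = [r".*_WITH_AES_\d+_GCM_.*"]
STRICT_EXCLUDE = [r".*_DH_anon_.*", r".*_NULL_.*", r".*_EXPORT.*"]

# Constructed sample of JSSE-style suite names a runtime might offer.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]

# Name fragments marking suites with no or weak confidentiality/authentication.
WEAK = re.compile(r"_(NULL|EXPORT\d*|DES|anon)_")


def select_suites(supported, include, exclude):
    """Keep suites that fully match an include and no exclude pattern."""
    inc = [re.compile(p) for p in include]
    exc = [re.compile(p) for p in exclude]
    return [s for s in supported
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]


def weak_suites(selected):
    """Return the selected suites whose names carry a weak marker."""
    return [s for s in selected if WEAK.search(s)]


if __name__ == "__main__":
    for label, inc, exc in (("posted", POSTED_INCLUDE, POSTED_EXCLUDE),
                            ("strict", STRICT_INCLUDE, STRICT_EXCLUDE)):
        chosen = select_suites(SAMPLE_SUITES, inc, exc)
        print(label, "enabled:", chosen)
        print(label, "weak   :", weak_suites(chosen))
```

Against this sample, the posted filter still enables the NULL, EXPORT and single-DES suites next to the AES ones, while the stricter filter leaves only the AES-GCM suite.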



