Thanx.
This is working.
Csaba
On 2021-09-21 16:08, Freeman Fang wrote:
Hi,
You can specify certAlias name in
</http:tlsClientParameters>
Something like
<sec:certAlias>what_ever_suitable</sec:certAlias>
Hopefully this is what you are looking for.
Cheers
Freeman
On Tue, Sep 21, 2021 at 9:50 AM Tóth Csaba <ig...@domen.hu> wrote:
Hello!
For a webservice client, (over https) the server sent certificate has
wrong "name", but it has an good "alternative name".
I got javax.net.ssl.SSLHandshakeException: SSLHandshakeException.
I have very basic conduit settings:
<http:conduit name="url*">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="">
<sec:keyStore password="" resource="" type="JKS"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore password="" resource="" type="JKS"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with
export-suitable or null encryption is used, but exclude anonymous
Diffie-Hellman key change as this is vulnerable to man-in-the-middle
attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
(with other https endponts its working)
How can is setup to check the "alternative name" too, and not only the
"name"?
Thanx
Csaba