On Sun, Feb 10, 2019 at 09:31:46PM -0800, Pallavi Sonal wrote:
> Please refer the release notes for JDK 8u181 at
> https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html ,
> there is a change to improve LDAP support and make it more secure. It is not
> possible now to establish an LDAPS connection to a server which presents a
> certificate whose CN or SAN does not contain the requested host name. So,
> either the same host name should be used which is there in the certificate's
> CN or SAN or the certificate should be updated to have the matching hostname
> as in its CN or SAN. I have added the snippet from the release notes below
> for your reference :

Heiko's post shows that the certificate had the correct hostname as a
dNSName SAN. Sounds like a bug to me, and a serious one at that.

Nico
--
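For readers triaging this kind of LDAPS failure, the following added example (not part of the thread and not the JDK's implementation) models the name check discussed above: the requested host name is compared against the certificate's dNSName SANs, with the subject CN consulted only when no dNSName SAN is present. The matching rules follow RFC 6125 as an assumption, and the host names and function names are constructed for illustration.

```python
# Added example: simplified RFC 6125-style name check, not the JDK's code.
# Only dNSName matching is modeled; iPAddress SANs are out of scope here.

def dns_name_matches(pattern, host):
    """Match one dNSName (or CN) value against the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs at
        # least two further labels, so "*.test" is rejected.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def endpoint_identity_ok(host, san_dns, subject_cn=None):
    """Return (ok, reason). CN is used only when there is no dNSName SAN."""
    if san_dns:
        for name in san_dns:
            if dns_name_matches(name, host):
                return True, "matched dNSName SAN " + name
        return False, "no dNSName SAN matches " + host
    if subject_cn and dns_name_matches(subject_cn, host):
        return True, "matched subject CN " + subject_cn
    return False, "no dNSName SAN and CN does not match " + host


# Constructed sample data: names a server certificate might carry.
SAMPLE_SAN = ["ldap.example.test", "*.dir.example.test"]
SAMPLE_CN = "ldap.example.test"

if __name__ == "__main__":
    # Names a client might put in its ldaps:// URL (all constructed).
    for requested in ("ldap.example.test", "LDAP.example.test.", "ldap",
                      "dc1.dir.example.test", "a.b.dir.example.test",
                      "10.0.0.5"):
        ok, reason = endpoint_identity_ok(requested, SAMPLE_SAN, SAMPLE_CN)
        print(f"{requested:24} {'PASS' if ok else 'FAIL'}  {reason}")
```

If the name in the connection URL passes a check like this against the certificate's actual SAN list and the connection is still rejected, that points to the verifier rather than the certificate.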
