BW 5.X server certificate 'X' did not match expected hostname 'Z'


Article ID: KB0074789


Products: TIBCO ActiveMatrix BusinessWorks
Versions: 5.x

Description

If the error below is observed, or if the certificate name in it is a wildcard such as '*.websitename.com' instead of 'websitename.com', check the points listed under Resolution:
caused by: java.io.IOException: Failed to create secure client socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
com.tibco.security.AXSecurityException: server certificate 'websitename.com' did not match expected hostname 'new.websitename.com'

Issue/Introduction

BW 5.X error server certificate 'X' did not match expected hostname 'Z'

Environment

All

Resolution

1. For the respective activity, open "Configure SSL..." on the Configuration tab and ensure that Verify Host Name is not enabled.
If it is enabled, the BW client checks the host name in the endpoint URL against the CN field of the certificate sent by the server.
The two values must match exactly.
2. If you wish to use the "Verify Host Name" feature, remove any wildcard from the certificate's subject name.
See the following KB article on this point: Can I enable Verify Host Name and use wildcard in CN name?
https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-44722

Additional Information

Here is a portion of the BW documentation from Palette Reference, Send HTTP Request, Configure SSL Button:
This field specifies to check the host name of the HTTP server against the host name listed in the server’s digital certificate. 
This provides additional verification that the host name you believe you are connecting to is in fact the desired host. 
If the host name specified in the Host field on the Configuration tab is not an exact match to the host name specified in the server’s digital certificate, the connection is refused.
Note: If you specify an equivalent hostname (for example, an IP address) in the Host field, but the name is not an exact match of the hostname in the host’s digital certificate, the connection is refused.
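
The exact-match rule from the Resolution steps and the documentation note above can be checked before deployment with a small script. This is an added example, not TIBCO code: it models the comparison as the article describes it, the function names and result labels are hypothetical, and ignoring letter case is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit


def subject_cn(subject_dn):
    """Return the CN from a subject DN string, or None if there is none.

    Handles "CN=host, O=Org", "/O=Org/CN=host" and an optional
    leading "subject=" as printed by common certificate tools.
    """
    dn = re.sub(r"^\s*subject\s*=\s*", "", subject_dn)
    for part in re.split(r"[,/]", dn):
        key, sep, value = part.partition("=")
        if sep and key.strip().upper() == "CN":
            return value.strip()
    return None


def diagnose(endpoint, subject_dn):
    """Classify the outcome of the exact host-name/CN comparison."""
    url = endpoint if "://" in endpoint else "//" + endpoint
    host = urlsplit(url).hostname or ""
    cn = subject_cn(subject_dn)
    if cn is None:
        return "no_cn"
    # Assumption: case is ignored; the article only says "exact match".
    if host.lower() == cn.lower():
        return "match"
    if "*" in cn:
        return "wildcard_cn"    # Resolution step 2: wildcard in the subject name
    try:
        ipaddress.ip_address(host)
        return "ip_host"        # documentation note: IP address in the Host field
    except ValueError:
        return "name_mismatch"  # the case in the quoted error message


# Constructed samples built from the names in the error text on this page.
SAMPLES = [
    ("https://new.websitename.com:8443/svc", "CN=websitename.com, O=Example"),
    ("https://new.websitename.com/svc", "subject=CN = *.websitename.com"),
    ("https://192.0.2.10/svc", "/O=Example/CN=new.websitename.com"),
    ("https://new.websitename.com/svc", "CN=new.websitename.com"),
]

if __name__ == "__main__":
    for endpoint, dn in SAMPLES:
        print(f"{diagnose(endpoint, dn):14} {endpoint}  <-  {dn}")
```

Pass the endpoint URL configured in the activity and the subject line of the server certificate; any result other than match corresponds to a connection that Verify Host Name would refuse.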