Description:
By default, if host name verification is enabled, an EMS client will compare either the server URL or the value of ssl_expected_hostname with CN in the EMS server certificate. If they do not match, the client is not able to connect to EMS on SSL.



Symptoms:
N/A
Cause:
N/A

Overwriting the default host name verification with a custom host name verifier.

You can overwrite this default behavior by implementing a custom host name verifier.  This functionality is currently available for C and Java clients, not for .Net clients.  For example, in Java you can implement com.tibco.tibjms.TibjmsSSLHostNameVerifier.

Sample programs are provided under <ems_home>/samples.

One case custom host verified that can be used is when the CN name in a server certificate are different for Fault Tolerant EMS servers. 
By default, if a client is disconnected and tries to reconnect to the other FT server on SSL, it will not able to reconnect.  With custom host name verifier, it can choose to ignore that the expected host name is not the same as the CN name in the server certificate, so it still can reconnect.

If CN in server certificate is the the server host name, EMS 8.3 Java client can reconnect to the fault tolerant server after failover.  Please see EMS-6622 in EMS 8.3 release note.

For .Net client, Microsoft .Net SSLStream Class implements RFC 6125.  EMS .Net client is able to connect to EMS server if expected host name matches any name in SAN in server certificate.  Therefore, .Net client can also reconnect to fault tolerant server after failover.