java.security.cert.CertificateException: No name matching hostname found

Document created by mike_aronson Employee on Aug 18, 2014
Version 1Show Document
  • View in full screen mode
You have installed a certificate but are receiving an error such as the following:

java.security.cert.CertificateException: No name matching <hostname> found

or

java.security.cert.CertificateException: No subject alternative DNS name matching <hostname> found

where <hostname> is the name provided when the certificate was generated.

This error may occur on the HTTP Client operation or Web Service SOAP client operation when attempting to send a request using the public cert to a server side host service with the private cert.
It may be preceded by:

Error invoking soap operation; Caused by: HTTP transport error: javax.net.ssl.SSLHandshakeException:


This issue was observed in a few cases and the resolutions in those cases were below.

In one case the certificate generator was a network security administrator.
The certificate generator recreated the certificates with a hostname that was recognizable.
In that case, the host name needed to be a SAN name, not a CN.

In another case, this SNI extension was added in the  bin/atom.vmoptions file and then the atom was restarted:

-Djsse.enableSNIExtension=true 

In some cases this is a server side certificate issue as the SSL handshake exception indicates the certificate is being exchanged, and 
the certificate exception is being received that the server side host/certificate combination can not be found as specified or configured.

Attachments

    Outcomes