
Websphere + Tomcat : CertificateException

I have 2 applications deployed on 2 different servers, where my GUI application is on Tomcat and CAS (central authentication) is on WebSphere. I have created a keystore file and updated the same in server.xml in the Tomcat conf.

Please find the entries below.

Tomcat:

<Environment name="config/centralCasServerLoginURL"
             type="java.lang.String"
             value="https://localhost:9443/my-sso-web/login?method=POST"/>
<Environment name="config/applicationServiceURL"
             type="java.lang.String"
             value="https://localhost:8443/bank-client-web/j_spring_cas_security_check"/>

and

<Connector SSLEnabled="true" clientAuth="false"
           keystoreFile="C:\tmp\newKeystore1"
           keystorePass="password" maxThreads="200" port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
           secure="true" sslProtocol="TLS"/>

I am able to run both applications individually, but when I configured the CASAuthentication profile, I am able to log in to CAS, but after it redirects to my GUI application URL (i.e. https://localhost:8443/bank-client-web/j_spring_cas_security_check) it throws the error below.

Could you please help me with that?

SEVERE: Servlet.service() for servlet [default] in context with path [/bank-client-web] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
    at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:131)
    at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:117)
    at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)     
Caused by: java.security.cert.CertificateException: No name matching localhost found
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
    ... 55 more

This is simply your client-side library performing strict hostname verification, comparing "localhost" in the URL to the hosts WebSphere's certificate is valid for.

Simplest fix is to address this server by its actual hostname rather than localhost.
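
The check described in the answer above, as an added example that is not part of the original post and is not the JDK's or the CAS client's code: the host in the URL is compared with the DNS names the server certificate carries. The hostname `was01.example.test` and the certificate contents are constructed for illustration, and the rule is a simplified model (DNS subject alternative names first, subject CN only as a fallback, wildcard only as the whole leftmost label).

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class HostnameMatchDemo {

    /** True if one certificate name (exact, or "*." wildcard) covers the host. */
    static boolean nameMatches(String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (!c.startsWith("*.")) {
            return h.equals(c);
        }
        // "*.example.test" covers exactly one extra label ("a.example.test"),
        // not the bare domain and not "a.b.example.test".
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(c.substring(1));
    }

    /** DNS SAN entries decide when present; the subject CN is only a fallback. */
    static boolean certificateCovers(String host, List<String> dnsSans, String commonName) {
        if (!dnsSans.isEmpty()) {
            for (String san : dnsSans) {
                if (nameMatches(host, san)) {
                    return true;
                }
            }
            return false; // CN is ignored once DNS SANs exist
        }
        return commonName != null && nameMatches(host, commonName);
    }

    public static void main(String[] args) {
        // Constructed sample: certificate issued to the server's real hostname, no SANs.
        List<String> noSans = Collections.emptyList();
        String cn = "was01.example.test";
        System.out.println("URL host localhost, CN-only cert: "
                + certificateCovers("localhost", noSans, cn));
        System.out.println("URL host was01.example.test, CN-only cert: "
                + certificateCovers("was01.example.test", noSans, cn));

        // Constructed sample: DNS SANs present, so a CN of "localhost" does not help.
        List<String> sans = Arrays.asList("was01.example.test", "*.apps.example.test");
        System.out.println("URL host localhost, SAN cert with CN=localhost: "
                + certificateCovers("localhost", sans, "localhost"));
    }
}
```

Only the second call returns true, which is why changing the configured CAS URL to the name in the certificate resolves the handshake failure.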
