Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alterna

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.

From: Silvio Bierman <sbierman@xxxxxxxxxxxxxxxxxx>
Date: Tue, 29 Jan 2019 01:51:35 +0100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

Hello all,

Another followup on the same topic: triggering aSslContextFactory.reload on the server consistently and immediatelytriggers the problem on the client side, restarting the server is closeto 100% (seems timing related). I was still leaning toward somethingfishy in the client code or even the JDK11 SSL client socket code butnow I am almost certain this is going awry on the server side.

Still JDK11 on both client and server side and Jetty 9.4.14.v20181114server, using domain names that are covered by wildcard certificates.

I am busy setting up a server with 9.4.11 and JDK8 to see what happensthere but since I am packed it may take another week or so to get results.


I will keep you posted.

One addition: this morning I replaced the keystore file on one of theservers because some almost-expired certificates had been updated andsubsequently triggered a SslContextFactory.reload through theapplication. Within 15 minutes the logging showed about two dozenfailed requests. Then it silently went away. May be a coincidence ofcourse.
Silvio

Follow-Ups:
- Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
  - From: Greg Wilkins

References:
- [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
  - From: Silvio Bierman
- Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
  - From: Greg Wilkins
- Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
  - From: Silvio Bierman
- Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
  - From: Silvio Bierman
- Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
  - From: Silvio Bierman

Prev by Date: Re: [jetty-users] Concurreny problem in Session Management
Next by Date: Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
Previous by thread: Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
Next by thread: Re: [jetty-users] javax.net.ssl.SSLHandshakeException No subject alternative DNS name matching xxx found.
Index(es):
- Date
- Thread

Breadcrumbs