Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Are Subject Alternative Names compulsory for SSL in Jetty 9.4.18?

Hi Joakim,

Thank you so much for the code example. I am using embedded jetty , and a generic SSL context. Shall make the change to Server SSL Context, and Client SSL Context for client. Could you please confirm another small detail ? Is it needed to set the endpoint identification algorithm to null in the code ?

Thanks and Regards

On Sun, Sep 15, 2019 at 4:48 PM Silvio Bierman <sbierman@xxxxxxxxxxxxxxxxxx> wrote:
No they don't for me. We are running on 9.4.18 and do not use SAN. I have never seen that error.

On 9/15/19 4:31 AM, Sonali Dasgupta wrote:
Please note that keystores which worked without SAN in jetty 9.4.8 , now give "No subject alternative name" errors on running the applications on jetty 9.4.18 . Does that not signify that SANs are compulsory with jetty 9.4.18 ? Also , these keystores already have CN. 

Would appreciate a more detailed explanation on this issue , from the jetty developers. Also , the error seems fully related to Jetty,  since it stems from jetty SSL Context. 

Thanks 

On Sun, 15 Sep, 2019, 3:38 AM Simone Bordet, <sbordet@xxxxxxxxxxx> wrote:
Hi,

On Sat, Sep 14, 2019 at 7:05 PM Sonali Dasgupta
<sonalidasgupta95.2011@xxxxxxxxx> wrote:
>
> Are Subject Alternative Names (SANs) in keystores compulsory while configuring SSL over Jetty server (version 9.4.18) ?

No.

> Is there a property which on being set , allows SSL configuration without SANs in the keystore z/

I don't understand this, and it has nothing to do with Jetty how you
setup your keystore.
If you don't want to use SAN, you just use the CN (perhaps with a wild
domain) and you're good to go.

> Facing critical issues hence help will be appreciated.

If you need critical support for Jetty, you can lookup commercial
support from Webtide: https://webtide.com.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users

Back to the top