0

I am using jolokia client to connect to my fuse server, which is using https for web. I am getting the below exception.

org.jolokia.client.exception.J4pException: IO-Error while contacting the server: javax.net.ssl.SSLException: hostname in certificate didn't match: <10.16.205.20> != at org.jolokia.client.J4pClient.mapException(J4pClient.java:333) at org.jolokia.client.J4pClient.execute(J4pClient.java:198) at org.jolokia.client.J4pClient.execute(J4pClient.java:168) at org.jolokia.client.J4pClient.execute(J4pClient.java:117)

I have already imported the certificate of 10.16.205.20 to my local truststrore (cacerts) from where my client application is running jolokia client. I have also verified the hosts file have entry for the domain that is being used in the certificate on 10.16.205.20 server. I am using the below code to connect.

J4pClient client = J4pClient.url(baseUrl).user(user.getName()).password(user.getPassword()).authenticator(new BasicAuthenticator().preemptive()).build();
            J4pExecRequest request = new J4pExecRequest("org.apache.karaf:type=bundles,name=root","list");
            J4pExecResponse response = client.execute(request);
            JSONObject obj = response.asJSONObject();
            ((CloseableHttpClient)client.getHttpClient()).close();

This code is running fine with the server deployed with http. Please let me know, if I am missing something.

Sudhakar
  • 1
  • 6
  • I am getting same with hawtio as well. javax.net.ssl.SSLException: hostname in certificate didn't match – Sudhakar Aug 03 '16 at 16:08
  • If I am using domain name instead of ip, I am able to connect. – Sudhakar Aug 03 '16 at 18:28
  • Is there any way to disable host-name verification in jolokia-osgi? – Sudhakar Aug 04 '16 at 12:19
  • What version of Jolokia do you use? – Claus Ibsen Aug 08 '16 at 08:48
  • And check the jolokia documentation - it has extensive information there - https://jolokia.org/documentation.html – Claus Ibsen Aug 08 '16 at 08:48
  • Thanks Claus, I am using jolokia-client-java-1.3.2 and jolokia-osgi-1.3.2 on server side. It seems problem with domain and ip not due to jolokia. My domain is resolving multiple ips that is the main reason. Is there anyway to disable host-name verification? – Sudhakar Aug 09 '16 at 10:10

1 Answers1

-1

You need to let your client use a ConnectionSocketFactory that bypasses this check.

For instance take a look at the following code (Code is Kotlin but you can easily translate it to java, I guess)

val sslCtx: SSLContext = SSLContexts
    .custom()
    .loadTrustMaterial(null, TrustSelfSignedStrategy())
    .build()

val cf: ConnectionSocketFactory = SSLConnectionSocketFactory(sslCtx, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)

J4pClient.url(s.jolokiaUrl)
    .sslConnectionSocketFactory(cf)
    .connectionTimeout(timeout.toMillis().toInt())
    .build()
Babis Routis
  • 157
  • 3