https4 apache camel gives Host name does not match the certificate subject provided by the peer

Question

i am trying to set up a https connection with apache camel in Spring DSL. following this tutorial: https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.2/html/apache_camel_component_reference/IDU-HTTP4

and also: http://camel.apache.org/http4.html

i constructed the following code:

<sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/blueprint"> 
        <trustManagers>
            <keyStore resource="keyStore/keyStore.jks" password="changeit"/>                   
        </trustManagers>                
</sslContextParameters>

and my route:

<route id="axis_camera">
    <to uri = "https4://my_ip_adress?sslContextParametersRef=sslContextParameters"
</route>

and

<bean id="http-ssl" class="org.apache.camel.component.http4.HttpComponent">
<property name="sslContextParameters" ref="sslContextParameters"/>
</bean>

when running this on apache servicemix i get:

javax.net.ssl.SSLPeerUnverifiedException: Host name my_ip_adress does not 
match the certificate subject provided by the peer (CN=axis-accc8ec51452, 
O=Axis Communications AB)

Now i can see in the certificate that this host name is not defined in the subject. I have seen that certificates can not be edited so my question is how do i adjust this code in such a way that it reads the correct hostname?

score 1 · Answer 1 · answered Feb 28 '19 at 14:23

This is a wild guess based on available information, but give it a try. Your certificate CN is axis-accc8ec51452 you should be connecting to this hostname, instead of my_ip_address.

To map the hostname axis-accc8ec51452 to my_ip_address, either update it in your DNS resolver or add it to your hosts file (*nix : /etc/hosts | Windows: c:\Windows\System32\Drivers\etc\hosts)

score 0 · Answer 2 · answered Mar 04 '19 at 09:55

it was quite frustrating, but with the help of @ShellDragon i searched for a bean that allows all hostnames. this bean is x509HostnameVerifier. so in my code i added this here:

<bean id="http-ssl" class="org.apache.camel.component.http4.HttpComponent">
    <property name="sslContextParameters" ref="sslContextParameters"/>
      <property name="x509HostnameVerifier" ref = "x509HostnameVerifier"/>
    </bean>

and added this to my url:

https4://my_ip_adress?sslContextParametersRef=sslContextParameters&amp;x509HostnameVerifier=x509HostnameVerifier

score 0 · Answer 3 · answered Jul 27 '23 at 09:53

When you use Apache Camel you can define x509HostnameVerifier parameter in your url. Something like above:

<bean id="noopHostnameVerifier" class="org.apache.http.conn.ssl.NoopHostnameVerifier" />

...

<to uri="http: ... ?x509HostnameVerifier=#noopHostnameVerifier"/>

https4 apache camel gives Host name does not match the certificate subject provided by the peer

3 Answers3