0

I've created a java spring-boot application that communicates with a server and sends it requests periodically. For security reasons i need to validate the certificates of the server, however there is a strange issue with the server's certificate.

The name of the server in the list of Subject Alternative Names (SAN) contains a trailing space character. So the name of the server does not match any of the names in the certificate according to the code...

For example if the URI is "https://server-01.org/" then the SAN of that server in the certificate is "server-01.org " which is a slight mismatch...

Is there a way in java to ignore the trailing spaces in the certificate? I'm unable to change the server certificates, also other systems do not seem to trip over this issue. Is there a setting i can use in the java code?

Joop Eggen
  • 107,315
  • 7
  • 83
  • 138
Vaan
  • 11
  • 2
  • One guide, [How to Create a CSR and Key File for a SAN Certificate with Multiple Subject Alternate Names](https://support.citrix.com/article/CTX227983), even mentions: _Make sure there are no whitespaces at the end of the lines._ I assume you cannot add an other SAN without trailing spaces too. – Joop Eggen Dec 18 '19 at 16:40
  • Thanks Joop, unfortunately i cannot modify the server certificate. Is there a way to relax the validation on client side? Just to trim the domain names in the certificate before comparing? – Vaan Dec 20 '19 at 07:52
  • Not that I am aware of, but do a bit of internet research; I am no authority there. A new certificate is needed because of the error in the certificate. – Joop Eggen Dec 20 '19 at 09:52

0 Answers0