LDAP SSL errror with correct subject alternative DNS in cert

Jürgen Scholtes May 10, 2016

This question is in reference to Atlassian Documentation: java.security.cert.CertificateException: No subject alternative DNS name matching found

When i look at my LDAP-Server cert with the openssl client i get a correct  X509v3 Subject Alternative Name.

But JIRA still fails with "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address"

any ideas?

2 answers

1 accepted

0 votes
Answer accepted
Jürgen Scholtes May 11, 2016

I found this issue:

https://jira.atlassian.com/browse/BSERV-7741

So it seems to be more a problem with the buildin JRE that comes with Jira, which is still 1.8.0_51  

Would be nice, if Atlassian could pack JIRA with a current JRE

Ok, my fault.

My testing-machine is v7.1.1 with JRE 1.8.0_51
My production-machine is on v7.1.4 with 1.8.0_74-b02

I need to check if it will run on later 

JRE 1.8.0_74-b02  (in JIRA v7.1.4) solves the LDAPS SSL error

0 votes
Jonas Andersson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 11, 2016

Make sure that both the short and FQDN is presented in the certificate alt names. Commonly certs are issued with FQDN but site's visited via the short name, and this can cause these kind of issues.

 

 

Suggest an answer

Log in or Sign up to answer