I know there were a lot of questions/answers about how to ignore SSL errors in the code.

On our dev region dev.domain.tld we have configured an app server over SSL.

The certificate that is displayed is for somedev.domain.tld.

There is no way to change the certificate, it will always be a domain mismatch.

So when I deploy a web-service to https://dev.domain.tld and try to connect/call my webservice I get an exception:

Caused by: java.security.cert.CertificateException: No name matching dev.domain.tld found

And I have the somedev.domain.tld CERT in my trust store.

Now, I saw a lot of samples of how to change that in the code (using a Trust Manager that accepts all domains), but how do I specify to the JVM to ignore the domain mismatch when connecting to the server? Is there a -Djavax.net.ssl argument or something?

Thank you!

UPDATE:

Or, since I am using Spring-WS, is there a way to set some property in Spring for that? (WebServiceTemplate)

UPDATE

I guess I'll have to use something from Spring Security: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html

A: 

This works for me in a client application of mine, perhaps this will also work for you if you are (or Spring is internally) using HttpsURLConnection anywhere.

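import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Invoked only when the built-in hostname check fails; returning true accepts the mismatch.
// `log` is assumed to be a java.util.logging.Logger.
HostnameVerifier hv = new HostnameVerifier() {
  public boolean verify(String urlHostName, SSLSession session) {
    log.warning(String.format("Warning: URL Host: '%s' does not equal '%s'", urlHostName, session.getPeerHost()));
    return true;
  }
};

// Applies to every HttpsURLConnection created in this JVM.
HttpsURLConnection.setDefaultHostnameVerifier(hv);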

It's hardly SSL best practice though. The best solution would be to use a certificate that matches the hostname.

Gerco Dries
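
An added example, not part of the answer above: a verifier that accepts only the one mismatch described in the question (URL host dev.domain.tld, certificate for somedev.domain.tld) and rejects every other mismatch, instead of returning true for all hosts. The class name PinnedMismatchVerifier is hypothetical, and the code assumes the certificate lists its name as a dNSName subject alternative name.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Accepts exactly one known hostname mismatch and rejects every other one. */
public final class PinnedMismatchVerifier implements HostnameVerifier {
    private static final int SAN_DNS_NAME = 2; // GeneralName type for dNSName

    private final String requestedHost; // host in the URL, e.g. dev.domain.tld
    private final String certHost;      // name the certificate is issued for

    public PinnedMismatchVerifier(String requestedHost, String certHost) {
        this.requestedHost = requestedHost;
        this.certHost = certHost;
    }

    @Override
    public boolean verify(String urlHostName, SSLSession session) {
        // Only called after the built-in hostname check has already failed.
        if (!requestedHost.equalsIgnoreCase(urlHostName)) {
            return false; // a mismatch on any other host is not excused
        }
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
            if (sans == null) {
                return false; // assumption: the name is carried in a SAN entry
            }
            for (List<?> san : sans) {
                // Each entry is [Integer type, Object value]; type 2 holds a DNS name.
                if (((Integer) san.get(0)) == SAN_DNS_NAME
                        && certHost.equalsIgnoreCase((String) san.get(1))) {
                    return true;
                }
            }
            return false;
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            return false; // no usable peer certificate: fail closed
        }
    }
}
```

Setting new PinnedMismatchVerifier("dev.domain.tld", "somedev.domain.tld") on the individual connection with setHostnameVerifier, rather than through setDefaultHostnameVerifier, keeps the exception away from every other HTTPS call in the JVM.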