Forum Discussion
NimbostratusiControl Java API Certificate Mismatch Suppression - Is it possible?
Hi,
I'm working with the Java iControl.jar file in a project, and am working with a freshly installed instance of BIG-IP 11.5. It appears that the certificate from the server reports 'localhost' as the host name.
This appears to be causing an error when I attempt to invoke get_system_information().
Is there any way to temporarily configure the iControl API to accept a hostname mismatch while in development mode?
Thanks for any tips!
The error that I m getting is:
AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:351) at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:287) at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:270) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:216) at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at iControl.SystemSystemInfoBindingStub.get_system_information(SystemSystemInfoBindingStub.java:1784) at com.f5._interface.soap.SOAPInterface.connect(SOAPInterface.java:112) at com.f5._interface.soap.SOAPInterface.CanConnectToBigIP(SOAPInterface.java:136) at com.f5.plugin.iControlLocalLB.connect(iControlLocalLB.java:192) at com.f5.plugin.iControlLocalLB.retrievePoolList(iControlLocalLB.java:286) at com.f5.plugin.iControlLocalLB.verifyCache(iControlLocalLB.java:275) at com.f5.plugin.iControlLocalLB.getVirtualServers(iControlLocalLB.java:744) at com.f5.plugin.TestHarness.TestLocalLB(TestHarness.java:461) at com.f5.plugin.TestHarness.main(TestHarness.java:599)
{http://xml.apache.org/axis/}hostname:VIEW51-W7PFIN06
javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
3 Replies
The code should be in there to do that already. There is an implementation of an XTrustProvider that injects itself in the ServicePointManager and allows that case. What version of the iControl library for Java are you using? I'll test it out and see if I can recreate the issue.
Demetrios_KalleHi Joe,
I'm fairly certain that I'm using the iControl 11.3 jar file.
Since posting this the appropriate certificates have been added and everything is fine now.
Cheers,
Demetree
janarthananHi Demetrios,
I also getting similar issue . what would be solution for that ?
Thanks and Regards,
Jana
