05-Nov-201312:41 - last edited on 01-Jun-202311:32 by JimmyPackets
Hi,
I'm working with the Java iControl.jar file in a project, and am working with a freshly installed instance of BIG-IP 11.5. It appears that the certificate from the server reports 'localhost' as the host name.
This appears to be causing an error when I attempt to invoke get_system_information().
Is there any way to temporarily configure the iControl API to accept a hostname mismatch while in development mode?
Thanks for any tips!
The error that I m getting is:
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> !=
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> !=
at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:351)
at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:287)
at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:270)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:216)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at iControl.SystemSystemInfoBindingStub.get_system_information(SystemSystemInfoBindingStub.java:1784)
at com.f5._interface.soap.SOAPInterface.connect(SOAPInterface.java:112)
at com.f5._interface.soap.SOAPInterface.CanConnectToBigIP(SOAPInterface.java:136)
at com.f5.plugin.iControlLocalLB.connect(iControlLocalLB.java:192)
at com.f5.plugin.iControlLocalLB.retrievePoolList(iControlLocalLB.java:286)
at com.f5.plugin.iControlLocalLB.verifyCache(iControlLocalLB.java:275)
at com.f5.plugin.iControlLocalLB.getVirtualServers(iControlLocalLB.java:744)
at com.f5.plugin.TestHarness.TestLocalLB(TestHarness.java:461)
at com.f5.plugin.TestHarness.main(TestHarness.java:599)
javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> !=
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
The code should be in there to do that already. There is an implementation of an XTrustProvider that injects itself in the ServicePointManager and allows that case. What version of the iControl library for Java are you using? I'll test it out and see if I can recreate the issue.
