cancel
Showing results for 
Search instead for 
Did you mean: 

iControl Java API Certificate Mismatch Suppression - Is it possible?

Demetrios_Kalle
Nimbostratus
Nimbostratus

Hi,

 

I'm working with the Java iControl.jar file in a project, and am working with a freshly installed instance of BIG-IP 11.5. It appears that the certificate from the server reports 'localhost' as the host name.

 

This appears to be causing an error when I attempt to invoke get_system_information().

 

Is there any way to temporarily configure the iControl API to accept a hostname mismatch while in development mode?

 

Thanks for any tips!

 

The error that I m getting is:

 

AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:351) at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:287) at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:270) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:216) at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at iControl.SystemSystemInfoBindingStub.get_system_information(SystemSystemInfoBindingStub.java:1784) at com.f5._interface.soap.SOAPInterface.connect(SOAPInterface.java:112) at com.f5._interface.soap.SOAPInterface.CanConnectToBigIP(SOAPInterface.java:136) at com.f5.plugin.iControlLocalLB.connect(iControlLocalLB.java:192) at com.f5.plugin.iControlLocalLB.retrievePoolList(iControlLocalLB.java:286) at com.f5.plugin.iControlLocalLB.verifyCache(iControlLocalLB.java:275) at com.f5.plugin.iControlLocalLB.getVirtualServers(iControlLocalLB.java:744) at com.f5.plugin.TestHarness.TestLocalLB(TestHarness.java:461) at com.f5.plugin.TestHarness.main(TestHarness.java:599)

 

{http://xml.apache.org/axis/}hostname:VIEW51-W7PFIN06

javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

 

3 REPLIES 3

Joe_Pruitt
Cirrostratus
Cirrostratus

The code should be in there to do that already. There is an implementation of an XTrustProvider that injects itself in the ServicePointManager and allows that case. What version of the iControl library for Java are you using? I'll test it out and see if I can recreate the issue.

 

Demetrios_Kalle
Nimbostratus
Nimbostratus

Hi Joe,

 

I'm fairly certain that I'm using the iControl 11.3 jar file.

 

Since posting this the appropriate certificates have been added and everything is fine now.

 

Cheers,

 

Demetree

 

Hi Demetrios,

 

I also getting similar issue . what would be solution for that ?

 

Thanks and Regards,

Jana