Hostname in certificate didn't match
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.
Problem
Confluence with SSL doesn’t work properly due to the domain from SSL Certificate doesn’t match with the requesting name.
The following appears in the atlassian-confluence.log.
2015-03-04 10:09:07,312 ERROR [http-8190-2] [renderer.internal.http.HttpClientFetcher] fetch Unable to retrieve response
-- url: /plugins/macrobrowser/browse-macros.action | userName: testuser | referer: https://confluence.test1.com/pages/viewpage.action?pageId=217321411 | action: browse-macros
javax.net.ssl.SSLException: hostname in certificate didn't match: <jira.test.com> != <confluence.test1.com> OR <test2.com> OR <confluence.test3.com>Diagnosis
The steps below can help to confirm the issue:
- Check the Server’s FQDN and make sure this matches the domain configured on the Certificate.
- Check the CN and DNSName from the output of the command below:
keytool -list -v -keystore <keystore-directory>/.keystoreCause
Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.
Solution
We have two possible resolutions:
- Generate a new SSL Certificate with the correct domain/hostname and URL following this documentation https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
OR
- Fix the Server Domain/Hostname to match with the Certificate Domain/Hostname in the host file.