Hostname in certificate didn't match
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
Confluence with SSL doesn’t work properly due to the domain from SSL Certificate doesn’t match with the requesting name.
The following appears in the atlassian-confluence.log.
2015-03-04 10:09:07,312 ERROR [http-8190-2] [renderer.internal.http.HttpClientFetcher] fetch Unable to retrieve response -- url: /plugins/macrobrowser/browse-macros.action | userName: testuser | referer: https://confluence.test1.com/pages/viewpage.action?pageId=217321411 | action: browse-macros javax.net.ssl.SSLException: hostname in certificate didn't match: <jira.test.com> != <confluence.test1.com> OR <test2.com> OR <confluence.test3.com>
The steps below can help to confirm the issue:
- Check the Server’s FQDN and make sure this match with the URL configured on the Certificate.
- Check the CN and DNSName from the output of the command below:
keytool -list -v -keystore <keystore-directory>/.keystore
Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.
We have two possible resolutions:
- Generate a new SSL Certificate with the correct hostname and URL following this documentation https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
- Fix the Server Hostname to match with the Certificate URL in the host file.