java.security.cert.CertificateException: No subject alternative DNS name matching <hostname> found

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

Using SSL to connect Crowd, or Embedded Crowd, to an LDAP directory can result in the above error, if the name on the certificate does not match the hostname of the server.

Cause

In 2.3.6, Crowd now verifies the hostname on SSL certificates when communicating with an LDAP server over SSL. This was documented in this JAC issue:  CWD-2690 - Getting issue details... STATUS

What this means is that the hostname must match that on the SSL certificate, or Crowd will not be able to connect to the directory. This is by design. 

Resolution Options

 

Fix the certificate to contain the correct name. This is the preferred (and most secure) fix.

Use an 'ldaps' connection URL and leaving 'Secure SSL' (on Crowd) or 'Use SSL' (in Embedded Crowd) unchecked in the Crowd Console will use an SSL connection but will not verify that the hostname and certificate match.

Edit the server's hosts file to allow you to use the incorrect name in the certificate. Add the FQDN on the certificate and match it to the IP address of the server.

Verify "Follow Referrals" is not selected in the User Directory configuration.

Last modified on Dec 22, 2014

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.