Reported on OpenDJ 3.5.3, with JVM 1.8.0_181.
(DS 5.x and later are not affected.)
After moving to JVM 1.8.0_181:
- logging in to control-panel fails:
An error occurred connecting to the server. Details:
javax.naming.CommunicationException: 0.0.0.0:4444 [Root exception is javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative names present]
- running dsreplication status with non-FQDN hostname fails:
Unable to connect to the server at host1 on port 4444. Check this port is an administration port
Error reading data from server host1:4444. There is an error with the certificate presented by the server.
Details: simple bind failed: host1:4444
This is due to the following change in JVM 1.8.0_181:
➜ Improve LDAP support
Endpoint identification has been enabled on LDAPS connections.
To improve the robustness of LDAPS (secure LDAP over TLS ) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.
Define this system property (or set it to true) to disable endpoint identification algorithms.
Set the above system property in the JVM args, e.g.
And run bin/dsjavaproperties.