OpenIDM / OPENIDM-10909

Backport OPENIDM-9797: Self-signed certificate used for HTTPS not in OpenIDM trust store anymore

    Details

      Description

      In OPENIDM-7072 Jake Feasel raised an issue about "Self-signed certificate used for HTTPS not in OpenIDM trust store". This was fixed OK at that time. Now it is not working anymore.

      It was still working in afaa7db
      It is not working anymore in 68cc687
      => so the regression happened in between... maybe the update to "forgerock-commons 23.0.0-alpha-14"

      Here is how to reproduce the problem:

      curl -u openidm-admin:openidm-admin -X POST -k "https://localhost:8443/openidm/external/rest?_action=call" -H "Content-Type: application/json" --data '{"url": "https://localhost:8443/openidm/info/login","method":"GET","headers":{"X-OpenIDM-Username":"openidm-admin","X-OpenIDM-Password":"openidm-admin"}}'
      

      Fails with this error in console/log:

      -> OpenIDM version "6.0.0-SNAPSHOT" (revision: d186852) jenkins-openidm-pipelines-openidm-master-postcommit-38
      OpenIDM ready
      Dec 05, 2017 4:22:59 PM org.forgerock.http.servlet.HttpFrameworkServlet lambda$service$1
      SEVERE: RuntimeException caught
      java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer (CN=openidm-localhost, O=OpenIDM Self-Signed Certificate, OU=None, L=None, ST=None, C=None)
      	at org.forgerock.http.apache.async.AsyncHttpClient$PromiseHttpAsyncResponseConsumer.lambda$failed$1(AsyncHttpClient.java:234)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer (CN=openidm-localhost, O=OpenIDM Self-Signed Certificate, OU=None, L=None, ST=None, C=None)
      	at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy.verifySession(SSLIOSessionStrategy.java:208)
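
The name check behind the exception above, as an added example (not part of the original report and not OpenIDM or forgerock-commons code): it parses the logged message and applies a simplified RFC 6125-style comparison, showing why `localhost` is rejected against `CN=openidm-localhost` even with certificate verification otherwise satisfied. The function names and the `san_dns` list are hypothetical; the log shows only the certificate subject.

```python
import re

# Constructed sample: the exception message copied from the log in the report.
LOG_LINE = (
    "javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not "
    "match the certificate subject provided by the peer (CN=openidm-localhost, "
    "O=OpenIDM Self-Signed Certificate, OU=None, L=None, ST=None, C=None)"
)

MISMATCH = re.compile(
    r"Host name '(?P<host>[^']+)' does not match the certificate subject "
    r"provided by the peer \((?P<subject>[^)]*)\)"
)


def parse_mismatch(line):
    """Return (requested_host, subject_attrs) or None if the line is unrelated."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    # Simplification: splits on plain commas, so escaped commas in a DN are not handled.
    attrs = dict(p.strip().split("=", 1) for p in m["subject"].split(",") if "=" in p)
    return m["host"], attrs


def name_matches(host, pattern):
    """RFC 6125-style comparison: case-insensitive, '*' only as the whole leftmost label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p


def diagnose(line, san_dns=()):
    """Compare the requested host with the SAN dNSNames, or with the CN if there are none."""
    parsed = parse_mismatch(line)
    if parsed is None:
        return None
    host, attrs = parsed
    names = list(san_dns) or [attrs.get("CN", "")]
    return {"host": host, "cn": attrs.get("CN"), "checked": names,
            "match": any(name_matches(host, n) for n in names)}


if __name__ == "__main__":
    print(diagnose(LOG_LINE))                         # subject CN only, as in the log
    print(diagnose(LOG_LINE, san_dns=["localhost"]))  # hypothetical SAN entry
```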
      

              People

              • Assignee:
                patrickdiligent patrick diligent
                Reporter:
                mark.offutt Mark Offutt
                QA Assignee:
                Jakub Janoska