Hi all, anyone succeeded in using send-request to send data to an HTTPS server? No matter how hard I try (even handling all that Certificate import stuff) I continuously get this error message.
[HC0001] java.security.cert.CertificateException: No subject alternative names present
Any hints? Thank you, Marco.
Marco Lettere wrote:
> Hi,
> anyone succeeded in using send-request to send data to an HTTPS server? No matter how hard I try (even handling all that Certificate import stuff) I continuously get this error message.
> [HC0001] java.security.cert.CertificateException: No subject alternative names present
Do you use an IP instead of a domain name? Are those links of any help?
http://stackoverflow.com/questions/10258101/sslhandshakeexception-no-subject...
http://stackoverflow.com/questions/8443081/how-are-ssl-certificate-server-na...
Regards,
Yes, thanks to all for the contributions. Fortunately I'm in control of the HTTPS server side so I could fix the SSL certificate there by recreating it with the keytool options
-ext san=ip:X.Y.Z.W,dns:localhost,dns:demohost
This adds a section like this
SubjectAlternativeName [ DNSName: localhost DNSName: demohost IPAddress: X.Y.Z.W ]
into the certificate stored on the created server's keystore (jks). I then imported it (always with keytool) into the cacerts of the jdk I use to run basex with. Finally I restarted basex server and gui. At that point everything works fine and I can send-request to either of the three possibilities ('localhost', ip address or any other added dns name like 'demohost').
I know this is not basex specific but maybe this detailed answer could be useful for anyone who will stumble upon this discussion for the same reasons as mine.
Thanks again, Marco.
On 02/06/2014 02:59 PM, Florent Georges wrote:
> Marco Lettere wrote:
> > Hi,
> > anyone succeeded in using send-request to send data to an HTTPS server? No matter how hard I try (even handling all that Certificate import stuff) I continuously get this error message.
> > [HC0001] java.security.cert.CertificateException: No subject alternative names present
> Do you use an IP instead of a domain name? Are those links of any help?
> http://stackoverflow.com/questions/10258101/sslhandshakeexception-no-subject...
> http://stackoverflow.com/questions/8443081/how-are-ssl-certificate-server-na...
> Regards,
> -- Florent Georges http://fgeorges.org/ http://h2oconsulting.be/
Hello, I have the same problem with https (in combination with numerical IP address), but I have no control over the SSL certificates. I know that JMeter accesses the server without problems, so I suppose that in principle it would be possible to solve the problem within the http module, without client intervention.
I would greatly appreciate it if a solution could be found so that the http module works robustly and out of the box. I find the http module extremely important. If it works just fine it can make BaseX very attractive for people who are far from thinking that an XML database is of any interest to them.
Cheers, Hans-Juergen
Marco Lettere marco.lettere@dedalus.eu wrote at 17:08 on Thursday, 6 February 2014:
> Yes, thanks to all for the contributions. Fortunately I'm in control of the HTTPS server side so I could fix the SSL certificate there by recreating it with the keytool options
> -ext san=ip:X.Y.Z.W,dns:localhost,dns:demohost
> This adds a section like this
> SubjectAlternativeName [ DNSName: localhost DNSName: demohost IPAddress: X.Y.Z.W ]
> into the certificate stored on the created server's keystore (jks). I then imported it (always with keytool) into the cacerts of the jdk I use to run basex with. Finally I restarted basex server and gui. At that point everything works fine and I can send-request to either of the three possibilities ('localhost', ip address or any other added dns name like 'demohost').
> I know this is not basex specific but maybe this detailed answer could be useful for anyone who will stumble upon this discussion for the same reasons as mine.
> Thanks again, Marco.
_______________________________________________ BaseX-Talk mailing list BaseX-Talk@mailman.uni-konstanz.de https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
Hi,
Well, the reason for certificates in HTTPS is to ensure security. If the client cannot match the URL you use with the certificate sent back by the server, then it might be another server responding. Or it might be that you access the server with another domain name or IP than the one in the certificate. In that case, JMeter is probably bypassing this and using the server anyway, whilst the HTTP module looks like it is preventing access (which apparently is mandatory as per RFC 2818 and RFC 6125).
The best option is probably to have a look at the certificate and see what domain name or IP it uses.
Regards,
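The matching rule discussed in this thread (RFC 2818: a request by IP address needs an IPAddress entry in the certificate's subject alternative names, while a DNS name may fall back to the CN), as an added example that is not part of the original messages and is not BaseX or JDK code. It is a simplified model: `verify_host`, the sample SAN lists and the address 192.0.2.10 (standing in for X.Y.Z.W) are constructed for illustration, and only the first reason string is taken from the error quoted above.

```python
import ipaddress

# Constructed sample data: the SAN list before and after the keytool fix.
OLD_SANS = []
NEW_SANS = [("DNS", "localhost"), ("DNS", "demohost"), ("IP", "192.0.2.10")]

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive; '*' may replace only the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify_host(host, common_name, sans):
    """sans: ("DNS", name) / ("IP", address) pairs. Returns (ok, reason)."""
    if _is_ip(host):
        # IP literal in the URL: only an IPAddress SAN counts, never the CN.
        if not sans:
            return False, "No subject alternative names present"
        want = ipaddress.ip_address(host)
        for kind, value in sans:
            if kind == "IP" and ipaddress.ip_address(value) == want:
                return True, "matched IPAddress SAN"
        return False, "no IPAddress SAN matches"
    dns_names = [v for k, v in sans if k == "DNS"]
    if dns_names:
        # Once any DNSName SAN exists, the CN is no longer consulted.
        if any(_dns_match(n, host) for n in dns_names):
            return True, "matched DNSName SAN"
        return False, "no DNSName SAN matches"
    if common_name and _dns_match(common_name, host):
        return True, "matched CN (legacy fallback)"
    return False, "no name matches"

if __name__ == "__main__":
    for host in ("demohost", "192.0.2.10", "localhost"):
        print(host, verify_host(host, "demohost", OLD_SANS), verify_host(host, "demohost", NEW_SANS))
```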
I confirm, the other (only) possibility is to write a custom hostname verifier that should be built into a custom basex build. The best solution is to look at the Certificate's CN and possible alternate names and try to match them in the request. Something like
openssl s_client -connect YOURSSLSERVER
should do on linux with the openSSL client... M.
On 02/07/2014 05:36 PM, Florent Georges wrote:
> Hi,
> Well, the reason for certificates in HTTPS is to ensure security. If the client cannot match the URL you use with the certificate sent back by the server, then it might be another server responding. Or it might be that you access the server with another domain name or IP than the one in the certificate. In that case, JMeter is probably bypassing this and using the server anyway, whilst the HTTP module looks like it is preventing access (which apparently is mandatory as per RFC 2818 and RFC 6125).
> The best option is probably to have a look at the certificate and see what domain name or IP it uses.
> Regards,
Just pointing out a related thread: https://groups.google.com/forum/#!topic/expath/mZ0BVLNzhe8 Cheers, -carl
On Feb 7, 2014, at 11:59 AM, Marco Lettere marco.lettere@dedalus.eu wrote:
> I confirm, the other (only) possibility is to write a custom hostname verifier that should be built into a custom basex build. The best solution is to look at the Certificate's CN and possible alternate names and try to match them in the request. Something like
> openssl s_client -connect YOURSSLSERVER
> should do on linux with the openSSL client... M.