Tuesday, 21 May 2013

"No name matching localhost found" Error: Tomcat and CAS Configuration

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
This error occurs when a standalone Java program tries to connect to an HTTPS-enabled web service running on localhost.
This Post provides a solution that adds a javax.net.ssl.HostnameVerifier to the Java program.
However, sometimes we cannot change the code because it belongs to a third party, for example when setting up and configuring CAS. CAS also uses an HTTP client to connect to the CAS server WAR application deployed on the server.
To overcome this problem, we can import the certificate for localhost into our Java environment by following these simple steps:
First of all, create a keystore using the keytool present in your $JDK_HOME/bin directory.
keytool -genkey -alias tomcat -keystore ./keystore -keyalg RSA

Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  localhost
What is the name of your organization?
  [Unknown]:  localhost
What is the name of your City or Locality?
  [Unknown]:  localhost
What is the name of your State or Province?
  [Unknown]:  localhost
What is the two-letter country code for this unit?
  [Unknown]:  in
Is CN=localhost, OU=localhost, O=localhost, L=localhost, ST=localhost, C=in correct?
  [no]:  yes


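Make sure you enter localhost for the first and last name. This value becomes the certificate's CN, which is the name the client checks against the host it connects to.
Now copy the generated keystore to the Tomcat home directory and configure Tomcat to enable SSL like this: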
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS" />

Now restart Tomcat and you should be able to access the server over HTTPS at https://localhost:8443. Next, export the certificate of localhost:8443 to disk using your browser. (In Mozilla you will find the export option in the certificate viewer tab.)
Now use the keytool in your JDK to import this certificate into your JVM's trusted certificates.
keytool -importcert -alias tomcat -file ${PATH_WHERE_CERT_IS_EXPORTED} -keystore $JDK_HOME/jre/lib/security/cacerts

That's it. Now you can run your standalone Java program without modifying it.
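To confirm the two conditions this procedure depends on (the exported certificate names localhost, and the same certificate is present in the JVM trust store), here is an added check that is not part of the original post. The class name CertNameCheck and its arguments are assumptions; names are compared exactly and wildcard entries are not handled.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertNameCheck {
    // Names the certificate can be matched against: SAN dNSName entries when present,
    // otherwise the subject CN (filled from keytool's "first and last name" prompt).
    static List<String> names(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == 2) out.add((String) san.get(1)); // 2 = dNSName
            }
        }
        if (out.isEmpty()) {
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if (rdn.getType().equalsIgnoreCase("CN")) out.add(rdn.getValue().toString());
            }
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        if (args.length < 3) { System.err.println("usage: CertNameCheck <cert> <cacerts> <password> [host]"); System.exit(2); }
        String host = args.length > 3 ? args[3] : "localhost";
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {   // exported certificate (PEM or DER)
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        List<String> certNames = names(cert);
        // Exact, case-insensitive comparison only (assumption: no wildcard names in use).
        boolean nameOk = certNames.stream().anyMatch(n -> n.equalsIgnoreCase(host));
        System.out.println("Certificate names: " + certNames + " -> matches " + host + ": " + nameOk);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {   // the cacerts file used for the import
            trust.load(in, args[2].toCharArray());
        }
        String alias = trust.getCertificateAlias(cert);         // null if this certificate was never imported
        System.out.println(alias == null ? "Not in trust store" : "Trusted under alias: " + alias);
        System.exit(nameOk && alias != null ? 0 : 1);
    }
}
```

Run it with the exported certificate file, the path to cacerts and that store's password; a non-zero exit code means either the name or the trust condition is not met.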
Post your comments and suggestions!