Application cannot connect to VSM using SSL - Cannot Verify the Server Name
search cancel

Application cannot connect to VSM using SSL - Cannot Verify the Server Name


Article ID: 109641


Updated On:


CA Application Test CA Continuous Application Insight (PathFinder) Service Virtualization


A virtual service was created and the option to use SSL enabled in the HTTP Listen step.

There are no issues to deploy the service, but when a request is sent, getting errors that indicate the self-signed SSL certificate for the DevTest virtual service is not installed correctly.


All supported DevTest releases.


By looking at the client application log files, verified the exception in the client application connecting to the VSE was "Cannot Verify the Server Name".

By default, if the keystore provided in the VSM is not changed, it will use the self-signed key delivered with DevTest - webreckeys.ks. This is a self-signed keystore issued to Lisa.

When the client application sends a request to the VSM, it returns the lisa key and since this does not match with the VSE server name the application is trying to access it returns a name mismatch error - The common name in the SSL certificate does not match the address that was provided in the application.


In this case, created a new self-signed key issued to the VSE Server:
$ ./keytool -genkey -keyalg RSA -alias VSESERVER -keystore keystore.jks -storepass password -validity 360 -keysize 2048

The common name (CN), first and last name, needs to be how the application access the VSE Server - server FQDN, hostname, IP address...

After the key was created, exported the certificate using the command below:
$ ./keytool -export -alias VSESERVER -file mycert.cer -keystore keystore.jks

The exported certificate was then imported to the client application truststore.

The VSM was modified to use the new keystore created above and redeployed.

After these steps, the client application was able to connect to the Virtual Service Model.