API Gateway - Could not verify hostname

book

Article ID: 197668

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7

Issue/Introduction

I am configuring the "Send Email" assertion with an office 365 smtp. But when doing a test it gives me a problem that does not recognize the hostname.

The following error is displayed in the log:
2020-08-02T12:47:44.451-0300 WARNING 632 com.l7tech.server.transport.http.SslClientHostnameVerifier: Could not verify hostname 'smtp.Office365HostName.com'.

Cause

Hostname can not be verified on a trusted certificate.

Environment

Component : API GATEWAY

Resolution

To prevent this add the com.l7tech.server.policy.emailalert.useDefaultSsl system property to bypasses the additional renegotiation.

 

1. Connect to the Gateway and edit: /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties

2. Add this property com.l7tech.server.policy.emailalert.useDefaultSsl=TRUE

3. Save the file and restart the gateway.

4. The office365 root certificate should be added to the gateway trust store( Policy manager-> Manage Certificates) with the proper hostname.

5. The certificate has the "Use" option and "Outbound SSL" selected in the Certificate Properties, under the Options

5. In Email alert properties select protocol as “SMTP with STARTTLS” port 25/587.

7. Select Server Required Authentication checkbox.

8. The domain name must be provided for all user names and email ids(Ex: [email protected]).

9. Adding proper email ids it should send email normally.

Additional Information

For more information see our Documentation on Verifying Hostnames for Outbound SSL Connections.