SSLPeerUnverifiedException -Reports are not generated or unable to load in Devtest Portal.

book

Article ID: 225945

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

Reports Tab is spinning and unable to load in the Portal. 

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <localhost> doesn't match any of the subject alternative names: [ABC00A0089.abc.com, ABC00A0089, ABC00A0089.abc.corp]

How do we resolve this?  

Also, is there a way to disable the check for DNS name match in Certificates for DEVTEST Portal? 

Cause

The issue is because the common name or Subject Alternative Name of the SSL Certificate does not match with the domain or hostname value of the registry.host property in phoenix.properties file. As the SSL certificate they added to the Keystore file specified in the "phoenix.ssl.keystore".doesn't have "localhost" as the Subject Alternative Name it is failing to establish the connection with the below error:

Environment

Release : 10.6

Component : DevTest Application Test

Resolution

If using Valid certs: 

You need to add the below property in phoenix.properties file with any of the SANs mentioned in the error message:

registry.host=FQDN(the hostname with which registry is getting called)

Example:

registry.host=ABC00A0089

registry.https.enabled=true

OR

We can disable the SSL hostname validation by adding the below property in Portal.vmoptions or PortalService.vmoptions.

-Dzuul.sslHostnameValidationEnabled=false