Host name does not match the certificate subject provided by the peer, but it's a perfect match

I have two servers that need to speak with each other using HTTPS.

Let’s call them ‘server’ and ‘client’ in this case, where ‘client’ is making an HTTPS call to ‘server’.

    In production the server will have a valid CA certificate but while testing we will use a self-signed certificate.

    As I understand it this is what we have to do:

    1. create the certificate
    2. add it to the keystore on server
    3. add it to the trusted cacerts keystore on client (so that it will accept this self-signed cert when trying to make https calls)

    This is all done, but when making the call I get this error:

    Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'docker-abc-123' does not match the certificate subject provided by the peer (CN=docker-abc-123, OU=unit, O=org, L=city, ST=area, C=xx)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) [httpclient-4.5.jar:4.5]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) [httpclient-4.5.jar:4.5]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [httpclient-4.5.jar:4.5]
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:91) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:568) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    ... 10 more
    

    Even though the host name exactly matches the “Common Name” in the certificate. What can possibly cause this? Any ideas are welcome!

One solution collected from the web for “Host name does not match the certificate subject provided by the peer, but it's a perfect match”

    If there is a Subject Alternative Names extension in the certificate, the common name is ignored, and the SAN must include a matching identifier for your host.
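
The rule stated in the answer above, as an added example that is not part of the original post: a hostname check over a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The three certificates are constructed samples, and the `localhost` SAN entry is an assumption, since the page does not show the real certificate's extensions.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive label compare; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def verify_hostname(cert, host):
    """Return (matched, field_used) for a dict shaped like getpeercert() output."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals are only ever matched against iPAddress SAN entries.
        ips = [v for kind, v in sans if kind == "IP Address"]
        return any(ipaddress.ip_address(v) == ip for v in ips), "SAN"
    dns_names = [v for kind, v in sans if kind == "DNS"]
    if dns_names:
        # A dNSName SAN exists, so the subject CN is not consulted at all.
        return any(_dns_match(d, host) for d in dns_names), "SAN"
    cns = [v for rdn in cert.get("subject", ()) for key, v in rdn if key == "commonName"]
    return any(_dns_match(c, host) for c in cns), "CN"

# Constructed sample certificates (not taken from the page).
SUBJECT = ((("commonName", "docker-abc-123"),), (("organizationName", "org"),))
CERT_CN_ONLY = {"subject": SUBJECT}
CERT_SAN_OTHER = {"subject": SUBJECT, "subjectAltName": (("DNS", "localhost"),)}  # assumed SAN
CERT_SAN_FIXED = {"subject": SUBJECT,
                  "subjectAltName": (("DNS", "localhost"), ("DNS", "docker-abc-123"))}

if __name__ == "__main__":
    for name, cert in [("CN only", CERT_CN_ONLY), ("SAN without host", CERT_SAN_OTHER),
                       ("SAN with host", CERT_SAN_FIXED)]:
        print(name, verify_hostname(cert, "docker-abc-123"))
```

The middle case reproduces the symptom in the question: the CN equals the host name, yet verification fails because only the SAN list is compared.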
