Question

HTTS handshake: No subject alternative DNS name matching

0

So I am trying to call an external web service which uses a client certificate. From SoapUI I have this working, but from Mendix I'm having problems. The problem is in the fact that it is a dev-server with dev certificates which ca be accessed via the internet. But using a different host name of course. So it is quite logical that Java rejects the certificate. But I would like to turn these checks off with some setting. Does anyone know if I can disable these SSL checks somewhere via the settings? Or do I need to write some Java to set a different host name verifier which accepts anything?

asked 2017-08-25

Phillip Gussow

1 answers

Nikel Kruizinga · Answer 1 · 2017-08-25

I believe in theory the Mendix Cloud team could do this form you, but I don't think they should as in that case it would be a global setting for your whole app and not just this specific endpoint.

I see two possible solutions:

- Preferred: Have the people managing the endpoint you're connecting to produce a self-signed cert for the correct hostname. This should not be hard to do.

- Create your own Java action which calls the endpoint, in this case you have full control over the way the cert is checked. I would advice against this for multiple reasons. It's not a very good case for introducing custom Java code in your project, you introduce a security risk and you are not testing all aspects of the implementation that would be used in production.