Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

iControl Java API Certificate Mismatch Suppression - Is it possible?

Hi,

I'm working with the Java iControl.jar file in a project, and am working with a freshly installed instance of BIG-IP 11.5. It appears that the certificate from the server reports 'localhost' as the host name.

This appears to be causing an error when I attempt to invoke get_system_information().

Is there any way to temporarily configure the iControl API to accept a hostname mismatch while in development mode?

Thanks for any tips!

The error that I m getting is:

AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:351) at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:287) at org.apache.axis.components.net.JSSESocketFactory.verifyHostName(JSSESocketFactory.java:270) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:216) at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at iControl.SystemSystemInfoBindingStub.get_system_information(SystemSystemInfoBindingStub.java:1784) at com.f5._interface.soap.SOAPInterface.connect(SOAPInterface.java:112) at com.f5._interface.soap.SOAPInterface.CanConnectToBigIP(SOAPInterface.java:136) at com.f5.plugin.iControlLocalLB.connect(iControlLocalLB.java:192) at com.f5.plugin.iControlLocalLB.retrievePoolList(iControlLocalLB.java:286) at com.f5.plugin.iControlLocalLB.verifyCache(iControlLocalLB.java:275) at com.f5.plugin.iControlLocalLB.getVirtualServers(iControlLocalLB.java:744) at com.f5.plugin.TestHarness.TestLocalLB(TestHarness.java:461) at com.f5.plugin.TestHarness.main(TestHarness.java:599)

{http://xml.apache.org/axis/}hostname:VIEW51-W7PFIN06

javax.net.ssl.SSLException: hostname in certificate didn't match: <10.105.135.50> != at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

2
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The code should be in there to do that already. There is an implementation of an XTrustProvider that injects itself in the ServicePointManager and allows that case. What version of the iControl library for Java are you using? I'll test it out and see if I can recreate the issue.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Joe,

I'm fairly certain that I'm using the iControl 11.3 jar file.

Since posting this the appropriate certificates have been added and everything is fine now.

Cheers,

Demetree

0