java.io.IOException: HTTPS hostname wrong: should be

By: Ramlak in Java Tutorials on 2007-07-12

This error occurs when you are trying to access a HTTPS url. You might have already installed the server certificate to your JRE's keystore. But this error means that the name of the server certificate does not match with the actual domain name of the server that is mentioned in the URL. This normally happens when you are using a non CA issued certificate.

But of course you can overcome this problem by instructing the JRE to trust all certificates and to ignore the mis match in the domain name and the certificate issuer. Here is the snippet of code that can be used to achieve this.

This is not the complete class. But I have provided the complete code that is functional. You just have to copy the entire code below add it to any of your class and then call the subscribe function from anywhere you want.

public String subscribe(String dist,String userid,String password,
	String email,String name,String expirydate) throws Exception{
        String resp = "";
        String urlString="https://<secureserver>/";
        URL url;
        URLConnection urlConn;
        DataOutputStream printout;
        DataInputStream input;
        String str = "";
        int flag=1;
        
        try {
            Properties sysProperties = System.getProperties();

	   // change proxy settings if required and enable the below lines
           // sysProperties.put("proxyHost", "proxy.starhub.net.sg");
           // sysProperties.put("proxyPort", "8080");
           // sysProperties.put("proxySet",  "true");

// Now you are telling the JRE to ignore the hostname
               HostnameVerifier hv = new HostnameVerifier()
    {
        public boolean verify(String urlHostName, SSLSession session)
        {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                    + session.getPeerHost());
            return true;
        }
    };
           // Now you are telling the JRE to trust any https server. 
           // If you know the URL that you are connecting to then this should not be a problem
            trustAllHttpsCertificates();
             HttpsURLConnection.setDefaultHostnameVerifier(hv);
    
            url = new URL(urlString);
            urlConn = url.openConnection();
            urlConn.setDoInput(true);
            Object object;
            urlConn.setUseCaches(false);
            
            urlConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            input = new DataInputStream(urlConn.getInputStream());
            
            while (null != ((str = input.readLine()))){
                if (str.length() >0){
                    str = str.trim();
                    if(!str.equals("")){
                        //System.out.println(str);
                        resp += str;
                    }
                }
            }
            input.close();
        }catch(MalformedURLException mue){ mue.printStackTrace();}
        catch(IOException ioe){ ioe.printStackTrace();}
        
        return resp;
    }

// Just add these two functions in your program

    public static class miTM implements javax.net.ssl.TrustManager,
            javax.net.ssl.X509TrustManager
    {
        public java.security.cert.X509Certificate[] getAcceptedIssuers()
        {
            return null;
        }
 
        public boolean isServerTrusted(
                java.security.cert.X509Certificate[] certs)
        {
            return true;
        }
 
        public boolean isClientTrusted(
                java.security.cert.X509Certificate[] certs)
        {
            return true;
        }
 
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException
        {
            return;
        }
 
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException
        {
            return;
        }
    }

 
    private static void trustAllHttpsCertificates() throws Exception
    {
 
        //  Create a trust manager that does not validate certificate chains:
 
        javax.net.ssl.TrustManager[] trustAllCerts =
 
        new javax.net.ssl.TrustManager[1];
 
        javax.net.ssl.TrustManager tm = new miTM();
 
        trustAllCerts[0] = tm;
 
        javax.net.ssl.SSLContext sc =
 
        javax.net.ssl.SSLContext.getInstance("SSL");
 
        sc.init(null, trustAllCerts, null);
 
        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
 
        sc.getSocketFactory());
 
    }

 If you are not able to compile it is probably due to import issues. 
So see if these are imported in your class.

import java.security.Security;
import java.security.Provider;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.*;

Previous
<< 'LINK.EXE' is not recognized as an internal or ext

Next
Sample program to demonstrate the use of ActionListener >>