- When trying to authenticate in Jenkins using ldaps, I am getting the error shown below:
[Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching XXXXX found.]];
- CloudBees CI (CloudBees Core) on traditional platforms - Client Master
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- CloudBees Jenkins Enterprise
- CloudBees Jenkins Team
- CloudBees Jenkins Platform - Client Master
- CloudBees Jenkins Platform - Operations Center
- Jenkins LTS
- Java version 1.8_181 or higher
- In recent versions of the JDK there was a change on the way that the ldap hostname is validated. The change was to increase the security and thus the exception reported is a valid error that you should correct. You can get additional details on the change that we are talking about by reviewing the 1.8.181 Release Notes under the Improve LDAP Support section.
In order to correct this appropriately you should ensure that you include the complete URL for your ldap server in the certificate, you can do it in the Subject or Alternate Name extension of the certificate.
There is a short term solution to workaround through this exception and it is by adding the following parameter to the Java Options.
Please, be sure that your security team validates this change as it is disabling the extra security element included in the JDK as mentioned previously
- CloudBees CI (CloudBees Core) on traditional platforms - Client Master v126.96.36.199
- JVM Implementation Version: 25.181-b25