Why am I getting No subject alternative DNS name matching XXX when connecting through ldaps?

Issue

  • When trying to authenticate in Jenkins using ldaps, I am getting the error shown below:
[Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching XXXXX found.]];

Environment

Resolution

  • In recent versions of the JDK there was a change on the way that the ldap hostname is validated. The change was to increase the security and thus the exception reported is a valid error that you should correct. You can get additional details on the change that we are talking about by reviewing the 1.8.181 Release Notes under the Improve LDAP Support section.

In order to correct this appropriately you should ensure that you include the complete URL for your ldap server in the certificate, you can do it in the Subject or Alternate Name extension of the certificate.

There is a short term solution to workaround through this exception and it is by adding the following parameter to the Java Options.

  • -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

Please, be sure that your security team validates this change as it is disabling the extra security element included in the JDK as mentioned previously

Tested product/plugin versions

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.