OUD 11g/12c - Error After Instance Creation "java.security.cert.CertificateException: No subject alternative names present" when Running "status" Command Found with JDK8u181 & JDK7_191 Versions and Greater
(Doc ID 2470313.1)
Last updated on MARCH 29, 2023
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 and laterInformation in this document applies to any platform.
Symptoms
This issue occurs for any LDAPS connections including OUD commands (like dsconfig, status, dsreplication and using ldap[search|modify|delete] over the secure port).
Examples -
Running status:
Administrator user bind DN [cn=$DS_ADMIN]:
Password for user 'cn=$DS_ADMIN':
Error reading configuration. Details:
javax.naming.CommunicationException: 0.0.0.0:<ADMIN_PORT> [Root exception is
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative names matching IP address 0.0.0.0 found]
Error encountered running dsconfig:
Unable to connect to the server at localhost on port <ADMIN_PORT>...
Error running dsreplication:
$ ./dsreplication status
Do you trust this server certificate?
1) No
2) Yes, for this session only
3) Yes, also add it to a truststore
4) View certificate details
Enter choice [2]: 2
An error occurred connecting to the server. Details:
javax.naming.CommunicationException: myOUDhost:<ADMIN_PORT> [Root exception is
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative DNS name matching myOUDhost found.]
Other Error:
Or, another error the "dsreplication status" could fail with:
Could not connect to the server <hostname:admin port>. Check that the
server is running and that is accessible from the local machine. Details:
<hostname:admin port>
Details: oracle.idm.oud.topologyapi.connections.ConnectionException
Changes
Upgraded java from"1.8.0_151" to "1.8.0_181" on OUD servers (primary, replica and proxy)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
Solution #1 - Use the Fully Qualified Domain Name (FQDN) |
Solution #2 (when FQDN can not be used) - Disable the Security Check |
References |