Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-2573

java.security.cert.CertificateException: No subject alternative names matching IP address - Document supported JDK versions

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Documentation
    • Labels:
      None

      Description

      Hi,

      When trying to connect to Atlas M0 using JDK 1.8.60, we got:

      2017-07-30 14:42:47.353 INFO 12652 — [ngodb.net:27017] org.mongodb.driver.cluster : Exception in monitor thread while connecting to server cluster0-shard-00-01-d4sfb.mongodb.net:27017
      com.mongodb.MongoSocketWriteException: Exception sending message
      at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:465) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:208) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:85) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:45) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:116) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:113) ~[mongodb-driver-core-3.4.2.jar:na]
      at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]
      Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 52.2.67.146 found
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_60]
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_60]
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_60]
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_60]
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506) ~[na:1.8.0_60]
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_60]
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_60]
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_60]
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_60]
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_60]
      at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) ~[na:1.8.0_60]
      at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) ~[na:1.8.0_60]
      at com.mongodb.connection.SocketStream.write(SocketStream.java:75) ~[mongodb-driver-core-3.4.2.jar:na]
      at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:204) ~[mongodb-driver-core-3.4.2.jar:na]
      ... 7 common frames omitted
      Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 52.2.67.146 found
      at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:167) ~[na:1.8.0_60]
      at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.8.0_60]
      at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_60]
      at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_60]
      at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200) ~[na:1.8.0_60]
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_60]
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488) ~[na:1.8.0_60]
      

      The problem was resolved by upgrading JDK 1.8.60 to 1.8.144.

      This is related to https://bugs.openjdk.java.net/browse/JDK-8133196. We need to indicate which JDK versions are supported.

        Attachments

          Activity

            People

            Assignee:
            ross.lawley Ross Lawley
            Reporter:
            tomer.yakir Tomer Yakir
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: