Hostname in certificate didn't match
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Confluence with SSL doesn’t work properly due to the domain from SSL Certificate doesn’t match with the requesting name.
The following appears in the atlassian-confluence.log.
2015-03-04 10:09:07,312 ERROR [http-8190-2] [renderer.internal.http.HttpClientFetcher] fetch Unable to retrieve response
-- url: /plugins/macrobrowser/browse-macros.action | userName: testuser | referer: https://confluence.test1.com/pages/viewpage.action?pageId=217321411 | action: browse-macros
javax.net.ssl.SSLException: hostname in certificate didn't match: <jira.test.com> != <confluence.test1.com> OR <test2.com> OR <confluence.test3.com>Diagnosis
The steps below can help to confirm the issue:
- Check the Server’s FQDN and make sure this matches the domain configured on the Certificate.
- Check the CN and DNSName from the output of the command below:
keytool -list -v -keystore <keystore-directory>/.keystoreCause
Hostname matching is done according to how the client identifies the host it's trying to access. If it's trying to access https://localhost/, then the certificate must be valid for localhost. If it's trying to access https://something-else.example, then the certificate must be valid for something-else.example, even if localhost and something-else.example are one and the same machine.
Solution
We have two possible resolutions:
- Generate a new SSL Certificate with the correct domain/hostname and URL following this documentation https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
OR
- Fix the Server Domain/Hostname to match with the Certificate Domain/Hostname in the host file.