No subject alternative DNS name matching hawkular-apm-infra.192.168.64.25.nip.io found
Closed this issue · 3 comments
cmoulliard commented
This error is reported by the javaagent running with a Service(a/b) Spring Boot app
export HAWKULAR_APM_USERNAME=admin
export HAWKULAR_APM_PASSWORD=password
export HAWKULAR_APM_URI=https://hawkular-apm-infra.192.168.64.25.nip.io
mvn spring-boot:run -Drun.jvmArguments=-javaagent:target/lib/opentracing-agent.jar
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512m; support was removed in 8.0
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building servicea 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] >>> spring-boot-maven-plugin:1.5.2.RELEASE:run (default-cli) > test-compile @ servicea >>>
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ servicea ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 0 resource
[INFO] Copying 1 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ servicea ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-dependency-plugin:2.10:copy (get-agent) @ servicea ---
[INFO] Configured Artifact: io.opentracing.contrib:opentracing-agent:?:jar
[INFO] Copying opentracing-agent-0.0.11.jar to /Users/chmoulli/Temp/to_be_deleted/java-agent-spring-boot-example/servicea/target/lib/opentracing-agent.jar
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ servicea ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/chmoulli/Temp/to_be_deleted/java-agent-spring-boot-example/servicea/src/test/resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ servicea ---
[INFO] No sources to compile
[INFO]
[INFO] <<< spring-boot-maven-plugin:1.5.2.RELEASE:run (default-cli) < test-compile @ servicea <<<
[INFO]
[INFO] --- spring-boot-maven-plugin:1.5.2.RELEASE:run (default-cli) @ servicea ---
[INFO] Attaching agents: []
objc[6533]: Class JavaLaunchHelper is implemented in both /Library/Java/JavaVirtualMachines/jdk1.8.0_102.jdk/Contents/Home/jre/bin/java and /Library/Java/JavaVirtualMachines/jdk1.8.0_102.jdk/Contents/Home/jre/lib/libinstrument.dylib. One of the two will be used. Which one is undefined.
May 05, 2017 3:04:56 PM io.opentracing.contrib.global.GlobalTracer register
INFO: Registered GlobalTracer Hawkular APM Tracer [BatchTraceRecorder batchSize=1000 [REST client uri=https://hawkular-apm-infra.192.168.64.25.nip.io/ username=admin]] (previously null).
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.2.RELEASE)
2017-05-05 15:04:56.880 INFO 6533 --- [ main] com.example.servicea.RestApplication : Starting RestApplication on dabou-macosx with PID 6533 (/Users/chmoulli/Temp/to_be_deleted/java-agent-spring-boot-example/servicea/target/classes started by chmoulli in /Users/chmoulli/Temp/to_be_deleted/java-agent-spring-boot-example/servicea)
2017-05-05 15:04:56.884 INFO 6533 --- [ main] com.example.servicea.RestApplication : No active profile set, falling back to default profiles: default
2017-05-05 15:04:56.956 INFO 6533 --- [ main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3c73951: startup date [Fri May 05 15:04:56 CEST 2017]; root of context hierarchy
2017-05-05 15:04:58.340 INFO 6533 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-05-05 15:04:58.360 INFO 6533 --- [ main] o.apache.catalina.core.StandardService : Starting service Tomcat
2017-05-05 15:04:58.362 INFO 6533 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/8.5.11
2017-05-05 15:04:58.539 INFO 6533 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2017-05-05 15:04:58.539 INFO 6533 --- [ost-startStop-1] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 1590 ms
2017-05-05 15:04:58.682 INFO 6533 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
2017-05-05 15:04:58.684 INFO 6533 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-05-05 15:04:58.685 INFO 6533 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-05-05 15:04:58.685 INFO 6533 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-05-05 15:04:58.685 INFO 6533 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]
2017-05-05 15:04:59.006 INFO 6533 --- [ main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3c73951: startup date [Fri May 05 15:04:56 CEST 2017]; root of context hierarchy
2017-05-05 15:04:59.178 INFO 6533 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/greeting]}" onto public com.example.servicea.Greeting com.example.servicea.GreetingController.greeting(java.lang.String)
2017-05-05 15:04:59.185 INFO 6533 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-05-05 15:04:59.185 INFO 6533 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-05-05 15:04:59.225 INFO 6533 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-05 15:04:59.225 INFO 6533 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-05 15:04:59.281 INFO 6533 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-05 15:04:59.473 INFO 6533 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2017-05-05 15:04:59.662 INFO 6533 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-05-05 15:04:59.669 INFO 6533 --- [ main] com.example.servicea.RestApplication : Started RestApplication in 3.152 seconds (JVM running for 4.094)
2017-05-05 15:05:10.708 INFO 6533 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-05 15:05:10.709 INFO 6533 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-05 15:05:10.723 INFO 6533 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 14 ms
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching hawkular-apm-infra.192.168.64.25.nip.io found.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.lambda$withJsonPayloadAndResults$2(AbstractRESTClient.java:230)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.withContext(AbstractRESTClient.java:125)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.withJsonPayloadAndResults(AbstractRESTClient.java:220)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.postAsJsonTo(AbstractRESTClient.java:208)
at org.hawkular.apm.trace.publisher.rest.client.TracePublisherRESTClient.publish(TracePublisherRESTClient.java:57)
at org.hawkular.apm.client.api.recorder.BatchTraceRecorder$4.run(BatchTraceRecorder.java:157)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching hawkular-apm-infra.192.168.64.25.nip.io found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 21 more
SEVERE: [AbstractRESTClient] [Thread[pool-2-thread-1,5,main]] Failed to post to [https://hawkular-apm-infra.192.168.64.25.nip.io/hawkular/apm/traces/fragments]
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching hawkular-apm-infra.192.168.64.25.nip.io found.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.lambda$withJsonPayloadAndResults$2(AbstractRESTClient.java:230)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.withContext(AbstractRESTClient.java:125)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.withJsonPayloadAndResults(AbstractRESTClient.java:220)
at org.hawkular.apm.client.api.rest.AbstractRESTClient.postAsJsonTo(AbstractRESTClient.java:208)
at org.hawkular.apm.trace.publisher.rest.client.TracePublisherRESTClient.publish(TracePublisherRESTClient.java:57)
at org.hawkular.apm.client.api.recorder.BatchTraceRecorder$4.run(BatchTraceRecorder.java:157)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching hawkular-apm-infra.192.168.64.25.nip.io found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 21 more
How to reproduce
minishift start --memory 4096
minishift console
oc new-project infra
oc create -f https://raw.githubusercontent.com/jboss-dockerfiles/hawkular-apm/master/openshift-templates/hawkular-apm-server-deployment.yml
objectiser commented
@cmoulliard Thanks - we'll check it out.
jpkrohling commented
@cmoulliard We allow bypassing HTTPS for the cases where it's not feasible or desirable to configure the client to add the server's cert to a trust store, so, you could just change the URL to use HTTP instead of HTTPS:
From:
export HAWKULAR_APM_URI=https://hawkular-apm-infra.192.168.64.25.nip.io
To:
export HAWKULAR_APM_URI=http://hawkular-apm-infra.192.168.64.25.nip.io
In the real world, however, the client would add OpenShift's service-ca.crt
to the trust store.
cmoulliard commented
That works using the HTTP address