Exception in thread "main" java.rmi.RemoteException: VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching abc.mydomain.com found
at com.vmware.vim25.ws.WSClient.invoke(WSClient.java:185)
at com.vmware.vim25.ws.WSClient.invoke(WSClient.java:116)
at com.vmware.vim25.ws.VimStub.retrieveServiceContent(VimStub.java:1177)
at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:85)
at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:69)
at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:63)
at VimTest.main(VimTest.java:15)
I have -Djavax.net.ssl.trustStore set up so that if I use the VI SDK it works fine, but not with VI JAVA.
Any suggestions ?
Thanks,
Shai.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It depends how you construct the ServiceInstance. If you don't need SSL, you can just do like this:
ServiceInstance si = new ServiceInstance(new URL(urlStr), username, password, true);
Notice the last parameter -- true. It is "ignoreCert". If you set it true, you don't need to set the SSL key into the keystore.
If you set it to false, then you have to set the SSL key into keystore. When you run the code, you have to provide the keystore file.
When you use the keystore, you have to make sure that the domain name in your code has to be the same as you provided to the keystore. For example, you provided to the keystore as "10.10.1.1", while in your code you have "https://esx1.mydomain.com/sdk". Even though you know they are referring the same in your network, but it doesn't work. They have to be the same.
Please give it a try and let me know if how it goes.
-Steve
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Even I am trying to achieve the same and am getting the "No name matching abc.mydomain.com found' error.
So, when setting up the keystore, what path do I give? Should it be my local machine path or the path on the host? This code will be used at multiple places, so giving the local machine doesnt make sense.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I was under the impression that if the server requires a certificate then you have to use ignoreCert=false. As far as I know, my test server does require a certificate but I just tested it with ignoreCert=true and removed the javax.net.ssl.trustStore setting and it works fine.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I get the following exception:
Exception in thread "main" java.rmi.RemoteException: VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching abc.mydomain.com found
at com.vmware.vim25.ws.WSClient.invoke(WSClient.java:185)
at com.vmware.vim25.ws.WSClient.invoke(WSClient.java:116)
at com.vmware.vim25.ws.VimStub.retrieveServiceContent(VimStub.java:1177)
at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:85)
at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:69)
at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:63)
at VimTest.main(VimTest.java:15)
I have -Djavax.net.ssl.trustStore set up so that if I use the VI SDK it works fine, but not with VI JAVA.
Any suggestions ?
Thanks,
Shai.
Hi Shai,
It depends how you construct the ServiceInstance. If you don't need SSL, you can just do like this:
ServiceInstance si = new ServiceInstance(new URL(urlStr), username, password, true);
Notice the last parameter -- true. It is "ignoreCert". If you set it true, you don't need to set the SSL key into the keystore.
If you set it to false, then you have to set the SSL key into keystore. When you run the code, you have to provide the keystore file.
When you use the keystore, you have to make sure that the domain name in your code has to be the same as you provided to the keystore. For example, you provided to the keystore as "10.10.1.1", while in your code you have "https://esx1.mydomain.com/sdk". Even though you know they are referring the same in your network, but it doesn't work. They have to be the same.
Please give it a try and let me know if how it goes.
-Steve
Hey Steve,
Even I am trying to achieve the same and am getting the "No name matching abc.mydomain.com found' error.
So, when setting up the keystore, what path do I give? Should it be my local machine path or the path on the host? This code will be used at multiple places, so giving the local machine doesnt make sense.
Thanks, Steve.
I was under the impression that if the server requires a certificate then you have to use ignoreCert=false. As far as I know, my test server does require a certificate but I just tested it with ignoreCert=true and removed the javax.net.ssl.trustStore setting and it works fine.