I’m having trouble setting up a connection between two Java-based tools in our dev environment. One is a continuous integration platform and the other is an issue tracking system. The problem is with the SSL certificate.
We’re using a self-signed cert for our issue tracker. I’ve added it to the keystore but I’m still getting an error:
java.security.cert.CertificateException: No subject alternative names present
I checked the cert details and it looks like this:
The cert doesn’t have any subject alternative names. Is there a way to add them? Or is there another solution? I’d rather not mess with the plugin code if I can avoid it.
Any ideas on how to get these tools talking to each other securely would be great. Thanks!
Having dealt with similar SSL certificate issues, I can suggest a few approaches. First, try updating your self-signed certificate to include the Subject Alternative Name (SAN) extension. You can do this using OpenSSL with the appropriate configuration file. Alternatively, if you’re using Java 8 or later, you might be able to use the ‘jdk.tls.client.protocols’ system property to force TLSv1.2, which can sometimes bypass this issue. As a last resort, you could implement a custom HostnameVerifier, but be cautious as this can introduce security vulnerabilities if not done correctly. Remember, these are temporary solutions - for long-term stability and security, consider investing in a proper CA-signed certificate for your issue tracker.
I have faced similar issues in the past when trying to integrate different Java-based tools. It turned out that modern Java versions enforce strict certificate validations, especially when it comes to the presence of subject alternative names. In my experience, one of the most effective solutions was to regenerate the certificate with the necessary SAN entries using OpenSSL. An alternate approach was to temporarily relax the hostname verification, but I strictly advise against this for production environments due to potential security risks. Ultimately, adopting a proper certificate authority, such as a private CA, resolved the issue reliably.
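Both replies above suggest regenerating the certificate with SAN entries using OpenSSL and a configuration file. The following is an added example of that step, not code from either poster; the hostname tracker.example.internal, the file names, and the function names make_san_cert and cert_has_san are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: regenerate a self-signed server certificate that carries a
# subjectAltName, the field the Java error on this page reports as missing.
# tracker.example.internal is a constructed placeholder hostname.

# make_san_cert <hostname> <output-dir>
# Writes san.cnf, tracker.key and tracker.crt into <output-dir>.
make_san_cert() {
    host=$1; dir=$2
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[dn]
CN = $host

[v3_san]
# Use the exact name the CI server connects to. If it connects by address,
# add an IP entry as well, e.g. DNS:$host,IP:<address>
subjectAltName   = DNS:$host
extendedKeyUsage = serverAuth
EOF
    # umask keeps the new private key unreadable to other local users.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/san.cnf" \
          -keyout "$dir/tracker.key" -out "$dir/tracker.crt" 2>/dev/null )
}

# cert_has_san <cert.pem> <hostname>: succeeds only on an exact DNS SAN match.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_san_cert tracker.example.internal "$demo_dir" &&
    cert_has_san "$demo_dir/tracker.crt" tracker.example.internal &&
    echo "SAN present: DNS:tracker.example.internal"
rm -rf "$demo_dir"

# Afterwards, replace the old certificate in the truststore used by the CI
# tool's JVM (alias, path and password are placeholders):
#   keytool -delete -alias tracker -keystore <truststore> -storepass <password>
#   keytool -importcert -alias tracker -file tracker.crt -keystore <truststore> -storepass <password>
```

The new key and certificate also have to be installed on the issue tracker itself, and the CI tool restarted so its JVM reloads the truststore.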