Thursday, June 30, 2016

WLS : SSL Certificate with Wildcard CN

Recently, I was supposed to integrate an SSL-enabled web service. In order to do that, I first imported the SSL certificate into the WLS keystore and then deployed the web service. When I tried to invoke an operation on the web service, I faced the error 'Hostname x.x.x.x is not verified'.

Then I verified and found that the SSL certificate has a wildcard in its CN.

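In this case, setting Hostname Verification to None will resolve the issue, but that is not recommended in production environments, because the server then no longer checks that the certificate belongs to the host it is connecting to.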

So keep hostname verification enabled and configure it as described below to support SSL certificates with a wildcard in the certificate CN.

1. Go to the WebLogic admin console -> Environment -> Servers -> <Admin/Managed Server> -> Configuration -> SSL
2. Click the "Advanced" icon to expand the section
3. Change "Hostname Verification" from "BEA Hostname Verifier" to "Custom Hostname Verifier"
4. Set "Custom Hostname Verifier" to weblogic.security.utils.SSLWLSWildcardHostnameVerifier
5. Click "Save" and restart the Admin/Managed Server.
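
To check which URL hosts a wildcard CN can cover before switching the verifier, here is an added example (not code from the original post and not WebLogic's implementation). It models the common single-label wildcard rule; the function names and the sample CN and hosts are constructed, and WebLogic's own verifier may differ in detail.

```python
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True when the URL host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def wildcard_cn_matches(cn: str, host: str) -> bool:
    """Model of single-label wildcard matching (assumed rule, see lead-in)."""
    cn, host = cn.lower().rstrip("."), host.lower().rstrip(".")
    if not cn or not host:
        return False
    if "*" not in cn:
        return cn == host                 # plain CN: exact, case-insensitive
    if is_ip_literal(host):
        return False                      # "*" stands for a DNS label, never an IP
    # The wildcard must be the whole left-most label, appear once, and leave
    # at least a two-label domain behind it ("*.com" is rejected).
    if not cn.startswith("*.") or cn.count("*") != 1 or cn.count(".") < 2:
        return False
    suffix = cn[1:]                       # e.g. ".example.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]          # what "*" would have to stand for
    return bool(label) and "." not in label   # exactly one label


def report(cn: str, hosts: list[str]) -> dict[str, bool]:
    """Map each candidate URL host to whether the CN would cover it."""
    return {h: wildcard_cn_matches(cn, h) for h in hosts}


if __name__ == "__main__":
    # Constructed sample: hosts a client might use in the service URL.
    sample_hosts = ["svc.example.com", "svc.uk.example.com",
                    "example.com", "192.0.2.10"]
    for host, ok in report("*.example.com", sample_hosts).items():
        print(f"{host:22} {'match' if ok else 'NO MATCH'}")
```

If the host used in the service URL comes out as no match, the fix is to call the service by a name the certificate covers, not to relax verification further.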