09-28-2018 04:48 PM
I´ve just updated M.App Enterprise to the new version in an test / local server, the server does not have a domain name or a public facing static IP therefore I used the self signed certificate option.
As a result I cannot use the desktop thin client. Seems like the self signed certificate does not fulfills the requirements of the java client.
Any workaround guys?
Here is the error message:
Error while loading descriptor from https://192.168.1.155/api/v1/desktopclient/624eac7a-56ca-4269-ad56-c657f6d9b361.hnlp?tenant=BSI&refreshToken=a8103143-076a-478b-a824-d76a783b0c25. java.io.IOException: No subject alternative names matching IP address 192.168.1.155 found at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source) at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source) at com.hexagon.applauncher.core/com.hexagon.applauncher.core.AppLauncher.loadDescriptor(Unknown Source) at com.hexagon.applauncher.core/com.hexagon.applauncher.core.AppLauncher.init(Unknown Source) at com.hexagon.applauncher.core/com.hexagon.applauncher.core.AppLauncher.lambda$start$0(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 192.168.1.155 found at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) at java.base/java.util.ArrayList.forEach(Unknown Source) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(Unknown Source) at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(Unknown Source) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(Unknown Source) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(Unknown Source) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(Unknown Source) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(Unknown Source) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SynchronizedRestartableTask.run(Unknown Source) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(Unknown Source) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(Unknown Source) ... 3 more Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.1.155 found at java.base/sun.security.util.HostnameChecker.matchIP(Unknown Source) at java.base/sun.security.util.HostnameChecker.match(Unknown Source) at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source) at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ... 22 more
Solved! Go to Solution.
09-30-2018 10:36 PM
Have you created a new certificate or are you just using the existing self-signed one?
If latter one, you have to create a new self-signed certificate in the installation process.
10-01-2018 12:15 PM
It is a newly generated certificate, generated by the installer during the update process... I´ve already tried regenerating the certificate using the "modify" option of the installer with no favorable results.
And It looks like I´m not alone :
10-01-2018 12:41 PM
the solution is indeed to load a proper SSL certificate. For testing purposes you can use http without issues.
Stefano
10-02-2018 12:19 AM
Hello,
Try using the servername instead of the ip to connect to the application.
https://srvname/apps/?tenant=tenantname
You might also need to add the srvname to the hosts file if it's not accessible by default in your network:
C:\Windows\System32\drivers\etc\hosts
192.168.1.155 srvname
Regards,
Radu
10-02-2018 12:33 AM
The hostname is validated against the certifcate's hostname. They need to match.
10-02-2018 05:50 AM - edited 10-02-2018 05:52 AM
Hi S.Fonseca,
Indeed the Hexagon App Launcher (Desktop M.Apps) needs to be launched from a URL to which the hostname matches the newly generated M.App Enterprise 2018 certificate hostname. If these are different the launcher will fail.
11-12-2018 01:59 PM
Is valid an autosigned certificate?
Thanks a lot.
11-12-2018 02:53 PM - edited 01-17-2019 08:16 PM
My server is for testing and I using https://letsencrypt.org for create my Free SSL Certificate.
This video was helpful for me https://youtu.be/Z3jd8NOOY2o
Everything in M.App Enterprise working ok.
This is other option Zerossl.com