M.App Enterprise Discussions

Discuss topics with other M.App Enterprise Product pioneers and experts to get the most out of it.
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Frequent Contributor
Posts: 114
Registered: ‎05-25-2016
Accepted Solution

"Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

I´ve just updated M.App Enterprise to the new version in an test / local server, the server does not have a domain name or a public facing static IP therefore I used the self signed certificate option. 

As a result I cannot use the desktop thin client. Seems like the self signed certificate does not fulfills the requirements of the java client.

Any workaround guys?

Here is the error message:

 

Error while loading descriptor from https://192.168.1.155/api/v1/desktopclient/624eac7a-56ca-4269-ad56-c657f6d9b361.hnlp?tenant=BSI&refreshToken=a8103143-076a-478b-a824-d76a783b0c25. 
java.io.IOException: No subject alternative names matching IP address 192.168.1.155 found
	at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source)
	at com.hexagon.applauncher.core/com.hexagon.applauncher.core.AppLauncher.loadDescriptor(Unknown Source)
	at com.hexagon.applauncher.core/com.hexagon.applauncher.core.AppLauncher.init(Unknown Source)
	at com.hexagon.applauncher.core/com.hexagon.applauncher.core.AppLauncher.lambda$start$0(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 192.168.1.155 found
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
	at java.base/java.util.ArrayList.forEach(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SynchronizedRestartableTask.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(Unknown Source)
	... 3 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.1.155 found
	at java.base/sun.security.util.HostnameChecker.matchIP(Unknown Source)
	at java.base/sun.security.util.HostnameChecker.match(Unknown Source)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
	at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
	at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 22 more
Technical Evangelist
Posts: 158
Registered: ‎09-01-2015

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

Have you created a new certificate or are you just using the existing self-signed one?

 

If latter one, you have to create a new self-signed certificate in the installation process.

Frequent Contributor
Posts: 114
Registered: ‎05-25-2016

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

It is a newly generated certificate, generated by the installer during the update process... I´ve already tried regenerating the certificate using the "modify" option of the installer with no favorable results.

And It looks like I´m not alone :

https://community.hexagongeospatial.com/t5/Support-M-App-Enterprise/Hexagon-App-Launcher-fails-to-st...

Staff
Posts: 1,051
Registered: ‎10-18-2015

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

the solution is indeed to load a proper SSL certificate. For testing purposes you can use http without issues.

 

Stefano

Stefano Turcato
Presale Engineer
Hexagon Geospatial
Frequent Contributor
Posts: 78
Registered: ‎10-12-2015

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

Hello,

 

Try using the servername instead of the ip to connect to the application.

 

https://srvname/apps/?tenant=tenantname

 

You might also need to add the srvname to the hosts file if it's not accessible by default in your network:

 

C:\Windows\System32\drivers\etc\hosts

192.168.1.155 srvname

Regards,

Radu

Technical Evangelist
Posts: 178
Registered: ‎03-03-2016

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

The hostname is validated against the certifcate's hostname. They need to match.

Technical Evangelist
Posts: 645
Registered: ‎11-12-2015

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

[ Edited ]

Hi S.Fonseca,

 

Indeed the Hexagon App Launcher (Desktop M.Apps) needs to be launched from a URL to which the hostname matches the newly generated M.App Enterprise 2018 certificate hostname. If these are different the launcher will fail.

Occasional Contributor
Posts: 15
Registered: ‎07-12-2017

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

Is valid an autosigned certificate?

Thanks a lot.

 

Contributor
Posts: 71
Registered: ‎10-10-2015

Re: "Error while loading descriptor" M.App Enterprise 16.5 with self signed certificate

[ Edited ]

My server is for testing and I using https://letsencrypt.org for create my Free SSL Certificate. 

 

This video was helpful for me https://youtu.be/Z3jd8NOOY2o

 

Everything in M.App Enterprise working ok. 

 

This is other option Zerossl.com

 

UPDATE*** . We have a newer version of this video, check out the latest here - https://youtu.be/nlt9kbwnS_0 In Episode 44 of the Tech Smart Boss Podcast, I talked about 3 ways to set your website up with SSL encryption and the reasons you needed to do it as soon as possible (listen here - ...