Free Offer

Solve Apache issue "SSLProtocolException: handshake alert: unrecognized_name" OR enableSNIExtension=false

How to Solve  unrecognized_name SSLProtocolException

You normally get this error with JDK 7 and its because of enableSNIExtension added to the JDK. It normally occurs when server doesn't present browser with the domain name which is registered in the certificate (Name set to the CN value). To solve this issue the solution is very simple. You need to set the server name in you application server. A simple example for Apache configuration is shown below:

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin email address here
    ServerName mydomain.net
    ServerAlias mydomain.net
    DocumentRoot /srv/www/mydomain.net/public_html/
    ErrorLog /srv/www/mydomain.net/logs/error.log
    CustomLog /srv/www/mydomain.net/logs/access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin 
 jzb@zonker.net
    ServerName mydomain.net
    ServerAlias mydomain.net
    DocumentRoot /srv/www/mydomain.net/public_html/

    ErrorLog /srv/www/mydomain.net/logs/error.log
    CustomLog /srv/www/mydomain.net/logs/access.log combined

    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
 
"Unrecognized_name" SSLProtocolException will occur only if above yellow marked
properties will not be set in your apache configuration. Moreover the name given 
for these properties must match the CN value in certificate. 
 
Also if specific domain name is set for VirtualHost  instead of "*" then this name 
should also match the CN set in certificate and those set in above yellow marked properties.
 

1 comment:

devid mark said...

It's really appreciable message for everybody thanks for sharing this information.
totally free online dating, free dating online, free uk dating sites, free personals, online dating site free