Problems with certificates - Hostname verification of certificate failed

Hya,

after installing and configuring, these erros are showing at the jvb.log.

the server wolke.servername.com have the server certificate, root certificate, ist working with all other services which uses certificates for ssl.

Any hint, please?

Blockquote

2020-05-07 13:39:30.321 WARNUNG: [748] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:30.321 WARNUNG: [748] [hostname=wolke.servername.com id=shard] MucClient$1.connectionClosedOnError#295: Closed on error:
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:35.444 INFORMATION: [750] org.jivesoftware.smack.java7.XmppHostnameVerifier.verify: Certificate does not match hostname
java.security.cert.CertificateException: No subject alternative DNS name matching auth.wolke.servername.com found. Tried: wolke.servername.com,wolke,locahost,.servername.com,
at org.jivesoftware.smack.java7.XmppHostnameVerifier.matchDns(XmppHostnameVerifier.java:159)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.match(XmppHostnameVerifier.java:105)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.verify(XmppHostnameVerifier.java:71)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:819)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:35.444 WARNUNG: [20] [hostname=wolke.servername.com id=shard] MucClient.lambda$getConnectAndLoginCallable$7#643: [MucClient id=shard hostname=wolke.servername.com] error connecting
org.jivesoftware.smack.SmackException: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1076)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
… 3 more
2020-05-07 13:39:35.445 WARNUNG: [750] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:35.445 WARNUNG: [750] [hostname=wolke.servername.com id=shard] MucClient$1.connectionClosedOnError#295: Closed on error:
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:38.892 INFORMATION: [19] Videobridge.createConference#320: create_conf, id=96d6bd1d2fe4602b gid=null logging=false
2020-05-07 13:39:38.912 INFORMATION: [19] AbstractHealthCheckService.run#171: Performed a successful health check in PT0.021S. Sticky failure: false
2020-05-07 13:39:40.540 INFORMATION: [753] org.jivesoftware.smack.java7.XmppHostnameVerifier.verify: Certificate does not match hostname
java.security.cert.CertificateException: No subject alternative DNS name matching auth.wolke.servername.com found. Tried: wolke.servername.com,wolke,locahost,
.servername.com,
at org.jivesoftware.smack.java7.XmppHostnameVerifier.matchDns(XmppHostnameVerifier.java:159)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.match(XmppHostnameVerifier.java:105)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.verify(XmppHostnameVerifier.java:71)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:819)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:40.540 WARNUNG: [20] [hostname=wolke.servername.com id=shard] MucClient.lambda$getConnectAndLoginCallable$7#643: [MucClient id=shard hostname=wolke.servername.com] error connecting
org.jivesoftware.smack.SmackException: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1076)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
… 3 more
2020-05-07 13:39:40.541 WARNUNG: [753] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-07 13:39:40.541 WARNUNG: [753] [hostname=wolke.servername.com id=shard] MucClient$1.connectionClosedOnError#295: Closed on error:
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)

Blockquote

Is this jvb running on the same machine?
if not you can workaround it org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
if it is on the same update-ca-certificates -f should fix it

Yes, all running on the same machine.
update-ca-certificates -f didnt’t fix it.

root-cert is at /etc/ssl/certs (private-root-cert.pem)
server certificates and key, signed by private-root-cert private key are installed at /etc/ssl/private/wolke.crt and /etc/ssl/private/wolke.key

apache2 recognize it ok, clients (firefox, chrome, nextcloud, etc) also accepts it as correct.
subsonic streamer also recognize it (after i installed it at the java keystore for subsonic).

i’m still getting the following errors.

jicofo.log
Jicofo 2020-05-08 11:00:15.805 WARNUNG: [31535] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com

jvb.log
2020-05-08 11:02:03.473 WARNUNG: [1834] [hostname=wolke.servername.com id=shard] MucClient$1.connectionClosedOnError#295: Closed on error:
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com

seams that jicofo and jvb looks for the certificate somewhere else, but could not find it.

any help is welcome.

This certificate is self-signed, created while setting up prosody and should be trusted only on the local machine.
It is done by:

ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
update-ca-certificates -f

We had seen problems in the past with those, when people install and remove the packages, and there was a bug in java-certs package and was not updating it, but normally forcing that with -f switch fixes it.

Well, i replaced this self-signed certificate with the real ones.

Is there a way to revert it withou having to reinstall all again?

Restart prosody to start using the new certs

did not work :frowning_face:

2020-05-15 08:46:36.284 WARNUNG: [20] [hostname=wolke.servername.com id=shard] MucClient.lambda$getConnectAndLoginCallable$7#643: [MucClient id=shard hostname=wolke.servername.com] error connecting
org.jivesoftware.smack.SmackException: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1076)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
… 3 more
2020-05-15 08:46:36.284 WARNUNG: [28855] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-15 08:46:36.284 WARNUNG: [28855] [hostname=wolke.servername.com id=shard] MucClient$1.connectionClosedOnError#295: Closed on error:
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.wolke.servername.com
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)
2020-05-15 08:46:39.028 INFORMATION: [19] Videobridge.createConference#320: create_conf, id=9b31097adc34bf89 gid=null logging=false
2020-05-15 08:46:39.031 INFORMATION: [19] AbstractHealthCheckService.run#171: Performed a successful health check in PT0.003S. Sticky failure: false