I wrote some Java code that connects to a secure Oracle Database listener port through JDBC. The code I used is published here.

However, every time I execute this code, I receive the following exception:

java.sql.SQLRecoverableException: IO Error: Mismatch with the server cert DN.

This means that the DN I've configured in my Java code doesn't match that of the listener.

So how do I get the DN of the secure database listener?

I identified 3 mechanisms to extract the DN from the database listener; one using curl, another using openssl, and the last using keytool. Apparently, the DN returned is slightly different based on which of these commands you use.


oracle@soadev:/home/oracle> curl -vvI dbhost.raastech.com:1522

*       subject: CN=dbhost.raastech.com,serialNumber=1955-01-01,businessCategory=Government Entity,O=Raastech Inc.,incorporationCountry=US,L=Washington,ST=District of Columbia,C=US


oracle@soadev:/home/oracle> openssl s_client -connect dbhost.raastech.com:1522

subject=/C=US/ST=District of Columbia/L=Washington/jurisdictionC=US/O=Raastech Inc./businessCategory=Government Entity/serialNumber=1955-01-01/CN=dbhost.raastech.com


oracle@soadev:/home/oracle> keytool -printcert -sslserver dbhost.raastech.com:1522

Owner: CN=dbhost.raastech.com, SERIALNUMBER=1955-01-01, OID. Entity, O=Raastech Inc., OID., L=Washington, ST=District of Columbia, C=US

Solution? Use the DN returned from keytool.