I wrote some Java code that connects to a secure Oracle Database listener port through JDBC. The code I used is published here.
However, every time I execute this code, I receive the following exception:
java.sql.SQLRecoverableException: IO Error: Mismatch with the server cert DN.
This means that the DN I've configured in my Java code doesn't match that of the listener.
So how do I get the DN of the secure database listener?
I identified 3 mechanisms to extract the DN from the database listener; one using curl, another using openssl, and the last using keytool. Apparently, the DN returned is slightly different based on which of these commands you use.
oracle@soadev:/home/oracle> curl -vvI dbhost.raastech.com:1522
* subject: CN=dbhost.raastech.com,serialNumber=1955-01-01,businessCategory=Government Entity,O=Raastech Inc.,incorporationCountry=US,L=Washington,ST=District of Columbia,C=US

oracle@soadev:/home/oracle> openssl s_client -connect dbhost.raastech.com:1522
subject=/C=US/ST=District of Columbia/L=Washington/jurisdictionC=US/O=Raastech Inc./businessCategory=Government Entity/serialNumber=1955-01-01/CN=dbhost.raastech.com

oracle@soadev:/home/oracle> keytool -printcert -sslserver dbhost.raastech.com:1522
Owner: CN=dbhost.raastech.com, SERIALNUMBER=1955-01-01, OID.18.104.22.168=Government Entity, O=Raastech Inc., OID.22.214.171.124.4.1.3126.96.36.199.3=US, L=Washington, ST=District of Columbia, C=US
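The three outputs describe the same DN; only the RDN order, spacing, and attribute naming differ. The following is an added example, not code from the original post, that checks this with the JDK's X500Principal. The class name DnCompare and the helper opensslToRfc2253 are hypothetical, and the sample strings are constructed by reducing the subject above to the attributes X500Principal parses by keyword (CN, O, L, ST, C).

```java
import javax.security.auth.x500.X500Principal;

public class DnCompare {
    // Hypothetical helper: turn OpenSSL's one-line form ("/C=US/.../CN=host",
    // most general RDN first) into RFC 2253 order (most specific first).
    // Limitation: a literal '/' inside a value is not handled.
    static String opensslToRfc2253(String oneLine) {
        String[] rdns = oneLine.substring(1).split("/");
        StringBuilder sb = new StringBuilder();
        for (int i = rdns.length - 1; i >= 0; i--) {
            int eq = rdns[i].indexOf('=');
            String value = rdns[i].substring(eq + 1)
                    .replace("\\", "\\\\").replace(",", "\\,");
            sb.append(rdns[i], 0, eq).append('=').append(value);
            if (i > 0) sb.append(',');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed samples: the page's subject reduced to CN, O, L, ST, C.
        String fromCurl = "CN=dbhost.raastech.com,O=Raastech Inc.,L=Washington,ST=District of Columbia,C=US";
        String fromOpenssl = "/C=US/ST=District of Columbia/L=Washington/O=Raastech Inc./CN=dbhost.raastech.com";
        String fromKeytool = "CN=dbhost.raastech.com, O=Raastech Inc., L=Washington, ST=District of Columbia, C=US";

        X500Principal a = new X500Principal(fromCurl);
        X500Principal b = new X500Principal(opensslToRfc2253(fromOpenssl));
        X500Principal c = new X500Principal(fromKeytool);

        // equals() compares canonical forms, so spacing and case do not matter.
        System.out.println("curl == openssl : " + a.equals(b));
        System.out.println("curl == keytool : " + a.equals(c));

        // One DN, three standard renderings.
        System.out.println("RFC 2253 : " + c.getName(X500Principal.RFC2253));
        System.out.println("RFC 1779 : " + c.getName(X500Principal.RFC1779));
        System.out.println("CANONICAL: " + c.getName(X500Principal.CANONICAL));
    }
}
```

Comparing DNs as X500Principal objects rather than as raw strings avoids false mismatches caused purely by how a tool prints the subject.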
Solution? Use the DN returned from