Getting DN mismatch in Java? Use keytool

I wrote some Java code that connects to a secure Oracle Database listener port through JDBC. The code I used is published here.

However, every time I execute this code, I receive the following exception:

java.sql.SQLRecoverableException: IO Error: Mismatch with the server cert DN.

This means that the DN I've configured in my Java code doesn't match that of the listener.

So how do I get the DN of the secure database listener?

I identified 3 mechanisms to extract the DN from the database listener; one using curl, another using openssl, and the last using keytool. Apparently, the DN returned is slightly different based on which of these commands you use.

cURL:

oracle@soadev:/home/oracle> curl -vvI dbhost.raastech.com:1522

*       subject: CN=dbhost.raastech.com,serialNumber=1955-01-01,businessCategory=Government Entity,O=Raastech Inc.,incorporationCountry=US,L=Washington,ST=District of Columbia,C=US

OpenSSL:

oracle@soadev:/home/oracle> openssl s_client -connect dbhost.raastech.com:1522

subject=/C=US/ST=District of Columbia/L=Washington/jurisdictionC=US/O=Raastech Inc./businessCategory=Government Entity/serialNumber=1955-01-01/CN=dbhost.raastech.com

Keytool:

oracle@soadev:/home/oracle> keytool -printcert -sslserver dbhost.raastech.com:1522

Owner: CN=dbhost.raastech.com, SERIALNUMBER=1955-01-01, OID.2.5.4.15=Government Entity, O=Raastech Inc., OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Washington, ST=District of Columbia, C=US

Solution? Use the DN returned from keytool.

Getting DN mismatch in Java? Use keytool

Ahmed Aboulnaga

Ahmed Aboulnaga

OCI: Secure Load Balancer

Mysterious TLS in Oracle HTTP

Demo certificates in BPM 12c domain

Ansible: the Power of Tags

Ansible Tower: Dynamic Usernames