Getting "Hostname verification failed" in OSB 12c
Problem:
When calling a service on Oracle Service Bus (OSB) 12c, I received an SSLKeyException related to hostname verification even though we do not have SSL configured.
The entire error stack in osb_server1.out is:
[2019-09-24T21:58:33.853-06:00] [osb_server1] [ERROR] [OSB-381304] [oracle.osb.transports.main.httptransport] [tid: [ACTIVE].ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005^pYeqrIi6UOIqyovX6G000KCT00000D,0:1:1] [APP: Service Bus Framework Starter Application] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FlowId: 0000Mpa^X_L6uHIqyofd6G1TYiLL000002] Exception in InvocationCallback.failed: javax.ws.rs.ProcessingException: javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=soa.raastech.com.[[
javax.ws.rs.ProcessingException: javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=soa.raastech.com.
at org.glassfish.jersey.client.internal.HttpUrlConnector$3.run(HttpUrlConnector.java:299)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at jersey.repackaged.com.google.common.util.concurrent.MoreExecutors$DirectExecutorService.execute(MoreExecutors.java:299)
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:50)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:37)
at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:293)
at org.glassfish.jersey.client.ClientRuntime$2.run(ClientRuntime.java:178)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:340)
at org.glassfish.jersey.client.ClientRuntime$3.run(ClientRuntime.java:210)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at weblogic.work.WorkAreaContextWrap.run(WorkAreaContextWrap.java:60)
at com.bea.alsb.platform.weblogic.WlsWorkManagerServiceImpl$WorkAdapter.run(WlsWorkManagerServiceImpl.java:283)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:678)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:652)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused by: javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=soa.raastech.com.
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doPostHandshake(JaSSLEngine.java:686)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:757)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:133)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:656)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:553)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:108)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:87)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:240)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:566)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:546)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:235)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:685)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:42)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:1547)
at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:394)
at org.glassfish.jersey.client.internal.HttpUrlConnector.access$000(HttpUrlConnector.java:96)
at org.glassfish.jersey.client.internal.HttpUrlConnector$3.run(HttpUrlConnector.java:297)
... 27 more
]]
Analysis:
This error occurred when the OSB business service was calling the SOA service through the load balancer. Though the SOA managed servers do not have SSL configured, the load balancer did.
Solution:
- Navigate to the OSB managed server.
- Set Hostname Verification to "None".
- Save and activate the changes.