java.security.cert.CertificateException: No subject alternative DNS name matching <hostname> found
症状
Using SSL to connect Crowd, or Embedded Crowd, to an LDAP directory can result in the above error, if the name on the certificate does not match the hostname of the server.
原因
In 2.3.6, Crowd now verifies the hostname on SSL certificates when communicating with an LDAP server over SSL. This was documented in this JAC issue: CWD-2690 - Getting issue details... STATUS
What this means is that the hostname must match that on the SSL certificate, or Crowd will not be able to connect to the directory. This is by design.
Resolution Options
Fix the certificate to contain the correct name. This is the preferred (and most secure) fix.
Use an 'ldaps' connection URL and leaving 'Secure SSL' (on Crowd) or 'Use SSL' (in Embedded Crowd) unchecked in the Crowd Console will use an SSL connection but will not verify that the hostname and certificate match.
Edit the server's hosts file to allow you to use the incorrect name in the certificate. Add the FQDN on the certificate and match it to the IP address of the server.
Verify "Follow Referrals" is not selected in the User Directory configuration.