cancel
Showing results for 
Search instead for 
Did you mean: 

Problem accessing the absolute URL in JSP / JSTL on using tag

nirajkrm
Explorer
0 Kudos

I am trying to display content of absolute media url in jsp / JSTL using <c:import> tag, the code is below

<%@ page contentType="text/plain" language="java" trimDirectiveWhitespaces="true" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<c:if test="${not ((cmsSite.uid eq 'swc') || (cmsSite.uid eq 'sds'))}" >
<?xml version="1.0" encoding="UTF-8"?>
<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<c:forEach items="${siteMapUrls}" var="loc">
<sitemap>
<loc>${fn:escapeXml(loc)}</loc>
</sitemap>
</c:forEach>
</sitemapindex>
</c:if>
<c:if test="${((cmsSite.uid eq 'swc') || (cmsSite.uid eq 'sds'))}" >
<c:forEach items="${siteMapUrls}" var="loc">
<c:import var = "siteMap" url="${fn:escapeXml(loc)}"/>
${siteMap}
</c:forEach>
</c:if>

But when I am accessing the url https://a.local:9002/sitemap.xml. It is giving me below error.

Problem accessing the absolute URL "https://a.local:9002/medias/GSBOL-20221216.xml?context=bWFzdGVyfHJvb3R8OTc2OTN8dGV4dC94bWx8aGEwL2g4My84Nzk2MTQxODQ2NTU4LnhtbHwwNGY1NWI4ZDc0ZjkyMTdlZDU0OTg4Y2FiZmNmODMyNzRlMWI4MTA4NzQ3ODAwN2JjNTk5ODMzYTdhNDBkMDUw". javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching swc.local found.

On passing unsecure url "http://a.local:9001/medias/GSBOL-20221216.xml?context=bWFzdGVyfHJvb3R8OTc2OTN8dGV4dC94bWx8aGEwL2g4My84Nzk2MTQxODQ2NTU4LnhtbHwwNGY1NWI4ZDc0ZjkyMTdlZDU0OTg4Y2FiZmNmODMyNzRlMWI4MTA4NzQ3ODAwN2JjNTk5ODMzYTdhNDBkMDUw

Above code is working as expected and displaying the contents of xml file on using unsecure url.

Anyone knows about this issue.

Accepted Solutions (0)

Answers (1)

Answers (1)

alemasetto
Participant
0 Kudos

You are using a self-signed certificate for a server-to-server call.

To fix the javax.net.ssl.SSLHandshakeException error, you can try the following:

  1. Update the cacert: This will ensure that the JVM trusts the certificate presented by the server.
  2. Disable certificate validation in the JVM.

Note 1: Disabling certificate validation can introduce security risks, it's not recommended to use it in production environment.
Note 2: Generally, you can see further details by adding -Djavax.net.debug=ssl:handshake (only for debug)
Note 3: In you specific case, since you are calling an internal URL (the server is calling itself), think if you really need HTTPS on your development environment. Even if you will use a valid certificate, you will be in charge of whitelisting the new certificates on on-premise installations (point 1) as the JVM does not automatically trust all certificates.