No subject alternative DNS name matching Exception

Jenkins setup:
Jenkins 2.426.3
Active Directory plugin 2.35
LDAP plugin 711.vb_d1a_491714dc

Here is my Active Directory configuration on Jenkins:

LDAPS is working properly, but I'm getting exceptions in jenkins.log. Here are the error lines:
java.security.cert.CertificateException: No subject alternative DNS name matching InterEXT.local found.
Caused: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching InterEXT.local found.
Caused: javax.naming.CommunicationException: InterEXT.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching InterEXT.local found.]
Caused: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: InterEXT.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching InterEXT.local found.]]
java.security.cert.CertificateException: No subject alternative DNS name matching InterEXT.local found.

My certificate does not include a SAN entry like InterEXT.local, but I didn't understand why the plugin is trying to match this address from the bind DN?
My domain name and controller do not have anything like InterEXT.local (with upper-case EXT); I only have this in the bind DN. I'm confused.
I asked our Active Directory team to change the SAN name, but I'm not sure whether we are supposed to do that or whether there is a bug here.

First, looking at the screenshot, it seems you're using the Active Directory plugin. That means the LDAP plugin is not used at all (you can uninstall it).
It works because you configured the TLS configuration with Insecure (Trust all certificates).
The problem is not related to the certificate of your Jenkins instance.
During the communication with AD, a site with the name InterEXT.local is contacted (domain names are case-insensitive), and this site is using a certificate that doesn't have this name in its subject alternative names field.

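To see why the handshake in the log fails, here is an added example (not code from this thread, from Jenkins, or from the Active Directory plugin) that re-implements the hostname check a Java client performs after the TLS handshake and runs it over constructed certificate data. The two certificate dicts mimic the layout `ssl.SSLSocket.getpeercert()` returns; the host names `dc01.interext.local` and `ldaps.interext.local` are hypothetical. The failure message for the SAN case is the same wording that appears in the jenkins.log lines above.

```python
"""Hostname verification of an LDAPS server certificate, Java-style.

Added illustration, not Jenkins/AD-plugin code. Certificate data below is
constructed in the shape of ssl.SSLSocket.getpeercert(); names are hypothetical.
"""
from typing import Optional

# Constructed: a domain-controller certificate that carries SAN dNSName entries
# for the controller's own FQDN and an alias, but not for the bare domain name.
DC_CERT_WITH_SAN = {
    "subject": ((("commonName", "dc01.interext.local"),),),
    "subjectAltName": (
        ("DNS", "dc01.interext.local"),
        ("DNS", "ldaps.interext.local"),
    ),
}

# Constructed: an older-style certificate with only a CN and no SAN extension.
DC_CERT_CN_ONLY = {
    "subject": ((("commonName", "dc01.interext.local"),),),
}


def _dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison for one dNSName entry.

    Case-insensitive (so InterEXT.local == interext.local), and '*' is honoured
    only as the entire leftmost label of a name with at least three labels,
    so *.interext.local never covers interext.local itself.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def check_hostname(peer_cert: dict, host: str) -> Optional[str]:
    """Return None when `host` is accepted, otherwise the failure message.

    Order mirrors Java's HostnameChecker: if the certificate has any dNSName
    SAN entries, only those are consulted and the CN is ignored; the CN is a
    fallback only when the certificate has no dNSName entry at all.
    """
    dns_names = [v for kind, v in peer_cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_names:
        if any(_dns_name_matches(name, host) for name in dns_names):
            return None
        return f"No subject alternative DNS name matching {host} found."
    cn = next(
        (v for rdn in peer_cert.get("subject", ()) for k, v in rdn if k == "commonName"),
        None,
    )
    if cn is not None and _dns_name_matches(cn, host):
        return None
    return f"No name matching {host} found"


if __name__ == "__main__":
    # The name Jenkins connected to in the log (InterEXT.local:636) versus
    # the controller FQDN the certificate was actually issued for.
    for target in ("InterEXT.local", "dc01.InterEXT.local", "ldaps.interext.local"):
        verdict = check_hostname(DC_CERT_WITH_SAN, target) or "accepted"
        print(f"{target:22} -> {verdict}")
```

The exception text in the log tells you the server certificate does have SAN dNSName entries, just none equal to the name Jenkins dialled (`InterEXT.local`). The two non-insecure ways out are therefore to make Jenkins connect to a name the certificate already carries (the domain controller FQDN, which is what the AD team suggests) or to have the certificate reissued with the domain name added as a SAN. To see the real SAN list of a controller you can run, against the hypothetical name used here, `openssl s_client -connect dc01.interext.local:636 </dev/null | openssl x509 -noout -ext subjectAltName`.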

Thanks for the answer. But I didn't understand why Jenkins contacted the bind DN OUs and not the domain controller URL?

@mawinter69 do you have any idea? Our AD team says it should use the FQDN of the domain controller.

Sorry, I'm not familiar enough with the internals of the AD plugin or the LDAP protocol to give further assistance.