I have an Appium instance hosted on a remote server. It is able to connect and execute tests on older version of Appium i.e. java-client 4.1.2 which is pretty old. I was trying to upgrade my Appium java-client version to 7.3.0, but I keep running into subjected error. Now I have read few answers here on how to get around this like
javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:
OkHttp javax.net.ssl.SSLPeerUnverifiedException: Hostname domain.com not verified
I also read some blog posts and created a certificate which has SAN (subject alternate name). I have verified that SAN is being reflected correctly and I see it under the exception. Another solution is to override the hostname verification part but since the HTTP URL connection is being done via Selenium remote driver dependencies I cannot do this either.
Exception stack trace
Exception in thread "main" org.openqa.selenium.SessionNotCreatedException: Unable to create a new remote session. Original error: Hostname IP_ADDRESS not verified:
certificate: sha256/qBxa5dCkXQoyg8GE54564120O+oBGYRHFZI8=
DN: CN=IP_ADDRESS, O=org_name, L=location, ST=state, C=country
subjectAltNames: [IP_ADDRESS]
Driver info: driver.version: AndroidDriver
at io.appium.java_client.remote.AppiumCommandExecutor$1.createSession(AppiumCommandExecutor.java:208)
at io.appium.java_client.remote.AppiumCommandExecutor.createSession(AppiumCommandExecutor.java:217)
at io.appium.java_client.remote.AppiumCommandExecutor.execute(AppiumCommandExecutor.java:239)
at org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:577)
at org.openqa.selenium.remote.RemoteWebDriver.startSession(RemoteWebDriver.java:211)
at io.appium.java_client.AppiumDriver.startSession(AppiumDriver.java:336)
at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:131)
at io.appium.java_client.DefaultGenericMobileDriver.<init>(DefaultGenericMobileDriver.java:37)
at io.appium.java_client.AppiumDriver.<init>(AppiumDriver.java:88)
at io.appium.java_client.AppiumDriver.<init>(AppiumDriver.java:98)
at io.appium.java_client.android.AndroidDriver.<init>(AndroidDriver.java:94)
at com.quantum.java.pages.Galaxy8Calculator.main(Galaxy8Calculator.java:43)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at io.appium.java_client.remote.AppiumCommandExecutor$1.createSession(AppiumCommandExecutor.java:186)
... 11 more
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname IP_ADDRESS not verified:
certificate: sha256/qBxa5dCkXQoyg8GE54564120O+oBGYRHFZI8=
DN: CN=IP_ADDRESS, O=org_name, L=location, ST=state, C=country
subjectAltNames: [IP_ADDRESS]
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:350)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:107)
at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:87)
at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:162)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
at okhttp3.RealCall.execute(RealCall.java:81)
at org.openqa.selenium.remote.internal.OkHttpClient.execute(OkHttpClient.java:57)
at org.openqa.selenium.remote.ProtocolHandshake.createSession(ProtocolHandshake.java:105)
... 16 more
Here's the version of dependencies that I think matter
Appium java-client 7.3.0
Selenium selenium-java 3.141.59
I have also tried setting setAcceptInsecureCerts() capability to true when making a connection to no avail. Please let me know if anyone has any insights in this.
Here are the self signed certificate contents
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=C, ST=st, L=loc, O=org, CN=IP_ADDRESS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d0:xyz
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:IP_ADDRESS
Signature Algorithm: sha256WithRSAEncryption
52:e5:xyz
Can you print out how you generated the certificate? Or print out it's details. Is it possible you are somehow encoding the IP address as a DNS SAN value? They are typed inside the certificate (the DNS: prefix).
openssl x509 -in a.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:b0:23:11:94:77:2a:a0:8e:76:5a:76:82:c9:ad:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
Validity
Not Before: Mar 26 00:00:00 2020 GMT
Not After : Mar 25 12:00:00 2021 GMT
Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=api.twitter.com
...
X509v3 Subject Alternative Name:
DNS:api.twitter.com