So I am attempting to use a Custom Hostname Verifier that implements the weblogic.security.SSL.HostnameVerifier interface, to use instead of the standard BEA Hostname Verifier. I have packaged into a jar, my CustomHostnameVerifier class that implements the weblogic.security.SSL.HostnameVerifier interface. Here's where I might be running into trouble. To make this class available on the weblogic classpath, I have tried placing the jar in various weblogic lib directories on my development machine. (%WL_HOME%\wlserver_10.3\server\lib) And then in the weblogic console's advanced settings for SSL on the DefaultServer, I select that I want to use a Custom Hostname verifier, and provide the full class name of my class: my.package.prefix.CustomHostnameVerifier.
Caused By: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from graph.facebook.com - 188.8.131.52 failed hostname verification check. Certificate contained *.facebook.com but check expected graph.facebook.com
I have checked that the class is in fact accessible from the jar, and have also used the start-up argument:
Caused By: weblogic.utils.NestedRuntimeException: [Security:090563]Cannot create instance of Hostname Verifier my.package.prefix.CustomHostnameVerifier... Caused By: java.lang.ClassNotFoundException: my.package.prefix.CustomHostnameVerifier
, instead of and in addition to the SSL tab settings in the console. I've found no luck so far using suggestions from documentation and the web. I was just hoping someone might know what I'm doing wrong here, or be able to point me in the right direction for properly making classes available to weblogic.