  1. Jenkins
  2. JENKINS-56904

LDAP-plugin uses random Domain Controller


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • Component: ldap-plugin
    • Labels: None
    • Environment: Jenkins version 2.166
      Java version: 1.8.0 update 201
      Windows OS

      Since we upgraded our test environment to Java 201, we have had problems logging in to Jenkins. This happens more or less randomly.

      The error that we receive is: "Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching ortec.finance found."

      On its own this is a clear message, saying that the identity certificate of the Domain Controller has no correct SAN.

      The issue is that we have several DCs in our domain. We are using an alias in the configuration of Jenkins to link to 2 DCs which have the correct certificate (later, as a test, we changed this to a list of the 2 DCs). However, when we switch on some debugging (-Djavax.net.debug=ssl:handshake) we see that it also checks other DCs in our domain. These other DCs are missing the SAN and generate the error.

      Before the update of the Java version we didn't have this problem, because Java wasn't checking this.

      Is this a known issue of the ldap-plugin?

       

       

            Unassigned Unassigned
            remkop Remko Petersq
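
The failure described in this report, as an added example that is not part of the original issue or of the ldap-plugin: a Python version of the DNS-SAN comparison behind the quoted error, run over constructed certificate data to show which domain controllers a client connecting to the domain name would reject. The name `corp.example`, the DC host names and the SAN lists are assumptions made up for the illustration; the certificate dicts follow the shape returned by `ssl.SSLSocket.getpeercert()`.

```python
# Added example: DNS-SAN hostname matching over constructed certificate data.
# Only DNS-type SAN entries are compared; CN fallback is out of scope here.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive label-by-label match; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Conservative choice in this example: a wildcard covers exactly one
        # label and needs at least two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def san_dns_names(cert: dict) -> list:
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def audit(connect_name: str, certs_by_dc: dict) -> dict:
    """Map each DC to True if one of its DNS SANs matches the name connected to."""
    return {
        dc: any(dns_name_matches(n, connect_name) for n in san_dns_names(cert))
        for dc, cert in certs_by_dc.items()
    }


# Constructed sample data: hypothetical DC names and SAN lists.
CONNECT_NAME = "corp.example"  # stands in for the domain name in the error message
CERTS = {
    "dc1.corp.example": {"subjectAltName": (("DNS", "dc1.corp.example"), ("DNS", "corp.example"))},
    "dc2.corp.example": {"subjectAltName": (("DNS", "dc2.corp.example"), ("DNS", "CORP.example"))},
    "dc3.corp.example": {"subjectAltName": (("DNS", "dc3.corp.example"),)},  # own name only
    "dc4.corp.example": {"subjectAltName": (("DNS", "*.corp.example"),)},    # wildcard misses the apex
}

if __name__ == "__main__":
    for dc, ok in audit(CONNECT_NAME, CERTS).items():
        print(f"{dc}: {'ok' if ok else 'would be rejected'}")
```

With several controllers answering for the same name, a login succeeds or fails depending on which controller the connection lands on, which matches the intermittent behaviour reported above.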