CertificateException: No name matching <hostname> found.

I'm trying to access a web service that uses BASIC Auth + SSL with a self-signed cert. I've cobbled together code that should work, and imported the cert from the server into a keystore. I have verified that the CN for the crt is identical to the target hostname and matches exactly what CertificateException is telling me it needs. I've hit a brick wall here and would appreciate any assistance an SSL veteran can provide. Thanks!

opening service for [https://lab-nf-01.ns.cs.boeing.com/smc/swsService/hosts?wsdl]
Problem instantiating Hosts service port.
Exception: Failed to access the WSDL at: https://lab-nf-01.ns.cs.boeing.com/smc/swsService/hosts?wsdl. It failed with: 
	java.security.cert.CertificateException: No name matching lab-nf-01.ns.cs.boeing.com found.
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://lab-nf-01.ns.cs.boeing.com/smc/swsService/hosts?wsdl. It failed with: 
	java.security.cert.CertificateException: No name matching lab-nf-01.ns.cs.boeing.com found.
	at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
	at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
	at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:263)
	at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:226)
	at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:174)
	at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
	at javax.xml.ws.Service.<init>(Service.java:56)
	at com.lancope.sws.sws_service.SwsService.<init>(SwsService.java:70)
	at com.boeing.ntpm.netflow.api.ws.NetFlowAPIClient.createHostsPort(NetFlowAPIClient.java:86)

code:

public static Hosts createHostsPort()
	{
		Hosts hostsPort = null;
		URL wsdlURL = null;

try
		{
			//130.42.0.58
			wsdlURL = new URL( targetUrl );
			HttpsURLConnection sslConnection = setKeystore( hostname, targetUrl );
			
			System.out.println( "opening service for [" + sslConnection.getURL() + "]" );
			SwsService swsService = new SwsService( sslConnection.getURL() );
			hostsPort = swsService.getHostsPort();

((BindingProvider)hostsPort).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username );
			((BindingProvider)hostsPort).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password );
			
		...
	}

private static HttpsURLConnection setKeystore( String hostname, String stringUrl ) 
	{
		System.out.println( "Loading keystore..." );
		// Load the keystore in the user's home directory
		//File file = new File(System.getProperty("user.home") + File.separatorChar + ".keystore");
		File file = new File("keystore.ks");
		System.out.println( "\tkeystore is [" + file.getAbsolutePath() + "]" );
		FileInputStream fis = null;
		URL url = null;
		try
		{
			url = new URL( stringUrl );
			System.out.println( "\tkeystore found: " + file.exists() );
			fis = new FileInputStream(file);
		}
		...
		
		KeyStore keyStore = null;
		
		TrustManagerFactory tmf;
		SSLContext ctx = null;
		
		try
		{
			keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
			keyStore.load(fis, keystorePassword.toCharArray());
			System.out.println( "FileInputStream is valid: " + fis.getFD().valid() );
			keyStore.getCertificate( "netflow" );

tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			tmf.init(keyStore);
			ctx = SSLContext.getInstance( "TLS" );
			ctx.init(null, tmf.getTrustManagers(), null);
		...

//Get an instance of the socket factory
		SSLSocketFactory sslFactory = ctx.getSocketFactory();

HttpsURLConnection connection = null;
//		url = new URL(newURLString);

System.out.println( "create connection for [" + url + "]" );
		try
		{
			connection = (HttpsURLConnection)url.openConnection();
			connection.setHostnameVerifier(new HostnameVerifier() {        
			    
				@Override
				public boolean verify(String hostname, SSLSession session)
				{
					return true;
				}
			});

}
		catch ( IOException e )
		{
			System.out.println( "IOEXCEPTION: " + e.getMessage() );
			e.printStackTrace();
		}
		
		
		//set the socket factory in the connection
		connection.setSSLSocketFactory(sslFactory);

return connection;
	}

and the certs in my keystore

Your cn name should match with your host name

Thanks. I am aware the hostname lab-nf-01.ns.cs.boeing.com must match the CN lab-nf-01.ns.cs.boeing.com.
They do, which is why the error is so frustrating and unhelpful.

You could try using a hostname verifier: