分类导航
程序笔记程序问答

如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?

程序问答   发布时间:2022-06-02  发布网站:大佬教程  code.js-code.com
大佬教程收集整理的这篇文章主要介绍了如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。

如何解决如何修复“java.security.cert.CertificateException:No subject alternative names present”错误??

开发过程中遇到如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?的问题如何解决?下面主要结合日常开发的经验,给出你关于如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?的解决方法建议,希望对你解决如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?有所启发或帮助;

通过使用此处介绍的方法禁用httpS检查来解决此问题:

我将以下代码放入ISomeservice该类中:

static {
    disableSslVerification();
}

private static voID disableSslVerification() {
    try
    {
        // Create a trust manager that does not valIDate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] {new x509trustmanager() {
            public java.security.cert.X509Certificate[] getAcceptedissuers() {
                return null;
            }
            public voID checkClIEntTrusted(X509Certificate[] certs, String authTypE) {
            }
            public voID checkServerTrusted(X509Certificate[] certs, String authTypE) {
            }
        }
        };

        // Install the all-trusTing trust manager
        SSLContext sc = SSLContext.geTinstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        httpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        // Create all-trusTing host name verifIEr
        HostnameVerifIEr allHostsValID = new HostnameVerifIEr() {
            public Boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        // Install the all-trusTing host verifIEr
        httpsURLConnection.setDefaultHostnameVerifIEr(allHostsValID);
    } catch (NoSuchAlgorithmException E) {
        e.printstacktrace();
    } catch (Keymanagementexception E) {
        e.printstacktrace();
    }
}

由于我https://AAA.bBB.CCC.DDD:9443/ISomeservice仅将它们用于测试目的,所以这是一个足够好的解决方案。

解决方法

我有一个Java Web服务客户端,该客户端通过httpS使用Web服务。

import javax.xml.ws.service;

@WebserviceClient(name = "ISomeservice",targetNamespace = "http://tempuri.org/",wsdlLOCATIOn = "...")
public class ISomeservice
    extends service
{

    public ISomeservice() {
        super(__getWsdlLOCATIOn(),ISOMEserviCE_QName);
    }

当我连接到服务URL(https://AAA.bBB.CCC.DDD:9443/ISomeservice)时,出现异常java.security.cert.CertificateException: No subject alternative names present。

要解决此问题,我首先运行openssl s_client -showcerts -connect AAA.bBB.CCC.DDD:9443 > certs.txt并在file中获取以下内容certs.txt

CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=someSubdomain.someorganisation.com
   i:/CN=someSubdomain.someorganisation.com
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=someSubdomain.someorganisation.com
issuer=/CN=someSubdomain.someorganisation.com
---
No client certificate CA names sent
---
SSL handshake has read 489 bytes and written 236 bytes
---
New,TLSv1/SSLv3,Cipher is RC4-MD5
Server public key is 512 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5            
    Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Session-ID-ctx:                 
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg   : None
    Start Time: 1382521838
    Timeout   : 300 (seC)
    Verify return code: 21 (unable to verify the first certificatE)
---

AFAIK,现在我需要

  1. 提取的部分certs.txt之间-----BEGIN CERTIFICATE-----和-----END CERTIFICATE-----,
  2. 对其进行修改,以使证书名称等于AAA.bBB.CCC.DDD和
  3. 然后使用导入结果keytool -importcert -file fileWithModifiedCertificate(fileWithModifiedCertificate操作1和2的结果在哪里)。
    它是否正确?

如果是这样,我如何才能使第1步中的证书与基于IP的地址(AAA.bBB.CCC.DDD)一起使用?

大佬总结

以上是大佬教程为你收集整理的如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?全部内容,希望文章能够帮你解决如何修复“java.security.cert.CertificateException:No subject alternative names present”错误?所遇到的程序开发问题。

如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。

本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。
标签:alternativepresent”错误?subject如何修复“java.security.cert.CertificateException:No
猜你在找的程序问答相关文章
其他相关热搜词更多
phpJavaPython程序员load如何string使用参数jquery开发安装listlinuxiosandroid工具javascriptcap