Home > Java > javaTutorial > body text

How to Fix the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error in Java?

DDD
Release: 2024-11-08 02:18:02
Original
962 people have browsed it

How to Fix the

Troubleshooting "java.security.cert.CertificateException: No Subject Alternative Names Present" Error in Java

When connecting to an HTTPS web service using a Java client, encountering the exception "java.security.cert.CertificateException: No subject alternative names present" can be frustrating. Here's how to address this issue:

Verifying Certificate Information

To obtain the server's certificate details, use the command "openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443 > certs.txt." The resulting file "certs.txt" contains:

  • Chain of Certificates: Identify the certificate containing "CN=AAA.BBB.CCC.DDD."
  • Server Certificate: Extract the section between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for this certificate.

Alternative Solution

Regarding Step 1 of the Proposed Solution:

  • Extracting the certificate alone is incorrect; it requires additional modifications.
  • The goal is to create a certificate that matches the IP address (AAA.BBB.CCC.DDD).

Regarding Step 2 of the Proposed Solution:

  • Modifying the certificate to include AAA.BBB.CCC.DDD requires specific tools and expertise, making this step impractical.

Recommended Approach

Consider the following alternatives:

  • Disable HTTPS Checks:
// In the ISomeService class:
static {
    disableSslVerification();
}

private static void disableSslVerification() {
    // ... [Code to disable HTTPS checks as described in the provided answer]
}
Copy after login
  • Implement a Custom Hostname Verifier:
// In the ISomeService class:
HostnameVerifier customVerifier = new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Perform custom hostname verification, such as accepting the IP address (AAA.BBB.CCC.DDD).
        return true;
    }
};

HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
httpsConn.setHostnameVerifier(customVerifier);
Copy after login

Caution: Disabling HTTPS checks or implementing a custom hostname verifier can compromise security. Use these approaches only for testing or in controlled environments.

The above is the detailed content of How to Fix the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error in Java?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template