How do I fix the 'java.security.cert.CertificateException: No subject alternative names present' error when accessing a web service over HTTPS?

Fixing the "java.security.cert.CertificateException: No subject alternative names present" Error

When accessing a web service over HTTPS using a Java client, encountering the "java.security.cert.CertificateException: No subject alternative names present" error indicates a mismatch between the certificate's subject name and the host address.

To resolve this issue, follow these steps:

1. Extract the certificate information between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" from the output of "openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443 -gt; certs.txt".
2. Modify the extracted certificate so that the "Subject's Common Name (CN)" field matches the IP address (AAA.BBB.CCC.DDD). This can be achieved using tools like OpenSSL's "x509" commands.
3. Import the modified certificate using "keytool -importcert -file fileWithModifiedCertificate".

However, this method may not always be feasible if you don't have control over the server's certificate.

An alternative solution is to disable HTTPS checks. This approach involves creating a custom trust manager and hostname verifier that allow all certificates to be accepted. In the "ISomeService" class, add the following code:

static {
    disableSslVerification();
}

private static void disableSslVerification() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    }
    };

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Create all-trusting host name verifier
    HostnameVerifier allHostsValid = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
}

Note that disabling HTTPS checks is not recommended for production environments due to security concerns.

The above is the detailed content of How do I fix the 'java.security.cert.CertificateException: No subject alternative names present' error when accessing a web service over HTTPS?. For more information, please follow other related articles on the PHP Chinese website!