Why am I getting the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error When Connecting to a Web Service via HTTPS?

How to Resolve the "java.security.cert.CertificateException: No Subject Alternative Names Present" Error

When connecting to a web service via HTTPS using a Java client, you may encounter the error "java.security.cert.CertificateException: No subject alternative names present." This issue occurs when the server certificate lacks the necessary Subject Alternative Name (SAN) fields that match the hostname or IP address used to access the web service.

To resolve this problem, follow these steps:

1. Extract the Certificate from Certs.txt

Extract the portion of the certs.txt file between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. This is the server certificate.

2. Modifying the Certificate Name (Optional)

You mentioned that you need to modify the certificate name to be equal to the IP address AAA.BBB.CCC.DDD. However, according to the documentation you provided, this may not be necessary. If you have control over the server, you should ensure that the certificate contains a SAN field that matches AAA.BBB.CCC.DDD. Otherwise, you can attempt to use the hostname as the SAN field and check if that resolves the issue.

3. Import the Modified Certificate (Optional)

If you modified the certificate, you need to import it using keytool -importcert -file fileWithModifiedCertificate.

4. Disable HTTPS Checks (Not Recommended)

Alternatively, you can disable HTTPS checks by following the approach outlined in the response you provided. This involves creating a trust manager and hostname verifier that ignores certificate validation. However, this solution is not recommended for production use.

5. Use the Hostname (Optional)

If you cannot modify the certificate or disable HTTPS checks, you can try using the hostname (someSubdomain.someorganisation.com) instead of the IP address when connecting to the web service. Check if that resolves the issue.

Remember that the best solution depends on your specific circumstances and the level of security required for your application.

The above is the detailed content of Why am I getting the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error When Connecting to a Web Service via HTTPS?. For more information, please follow other related articles on the PHP Chinese website!