How to Fix the "java.security.cert.CertificateException: No subject alternative names present" Error in Java Web Services?

Fixing the "java.security.cert.CertificateException: No subject alternative names present" Error

In Java web service clients consuming HTTPS services, the "java.security.cert.CertificateException: No subject alternative names present" error occurs when the certificate lacks subject alternative names. Here's a step-by-step solution:

To fix this issue:

1. Retrieve the Certificate: Run "openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443 > certs.txt" to obtain the certificate.
2. Extract the Certificate: Copy the text between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" from certs.txt.
3. Modify the Certificate: Replace the certificate name with "AAA.BBB.CCC.DDD" to match the IP address.
4. Import the Certificate: Use "keytool -importcert -file fileWithModifiedCertificate" to import the modified certificate.

Alternatively, to use the host name instead of the certificate:

1. Disable SSL Verification: Add the following code to your ISomeService class:

static {
    disableSslVerification();
}

private static void disableSslVerification() {
    // ... same code as above for disabling SSL verification ...
}

2. Understand the "Use" Meaning: "Use" refers to using the host name as the server identity, even though the certificate contains a different name.

The above is the detailed content of How to Fix the "java.security.cert.CertificateException: No subject alternative names present" Error in Java Web Services?. For more information, please follow other related articles on the PHP Chinese website!