Home >Java >javaTutorial >How to Fix the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error in Java?

How to Fix the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error in Java?

DDD
DDDOriginal
2024-11-08 02:18:02994browse

How to Fix the

Troubleshooting "java.security.cert.CertificateException: No Subject Alternative Names Present" Error in Java

When connecting to an HTTPS web service using a Java client, encountering the exception "java.security.cert.CertificateException: No subject alternative names present" can be frustrating. Here's how to address this issue:

Verifying Certificate Information

To obtain the server's certificate details, use the command "openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443 > certs.txt." The resulting file "certs.txt" contains:

  • Chain of Certificates: Identify the certificate containing "CN=AAA.BBB.CCC.DDD."
  • Server Certificate: Extract the section between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for this certificate.

Alternative Solution

Regarding Step 1 of the Proposed Solution:

  • Extracting the certificate alone is incorrect; it requires additional modifications.
  • The goal is to create a certificate that matches the IP address (AAA.BBB.CCC.DDD).

Regarding Step 2 of the Proposed Solution:

  • Modifying the certificate to include AAA.BBB.CCC.DDD requires specific tools and expertise, making this step impractical.

Recommended Approach

Consider the following alternatives:

  • Disable HTTPS Checks:
// In the ISomeService class:
static {
    disableSslVerification();
}

private static void disableSslVerification() {
    // ... [Code to disable HTTPS checks as described in the provided answer]
}
  • Implement a Custom Hostname Verifier:
// In the ISomeService class:
HostnameVerifier customVerifier = new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Perform custom hostname verification, such as accepting the IP address (AAA.BBB.CCC.DDD).
        return true;
    }
};

HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
httpsConn.setHostnameVerifier(customVerifier);

Caution: Disabling HTTPS checks or implementing a custom hostname verifier can compromise security. Use these approaches only for testing or in controlled environments.

The above is the detailed content of How to Fix the 'java.security.cert.CertificateException: No Subject Alternative Names Present' Error in Java?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn