How to Fix the "java.security.cert.CertificateException: No Subject Alternative Names Present" Error in Java?

Troubleshooting "java.security.cert.CertificateException: No Subject Alternative Names Present" Error in Java

When connecting to an HTTPS web service using a Java client, encountering the exception "java.security.cert.CertificateException: No subject alternative names present" can be frustrating. Here's how to address this issue:

Verifying Certificate Information

To obtain the server's certificate details, use the command "openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443 > certs.txt." The resulting file "certs.txt" contains:

• Chain of Certificates: Identify the certificate containing "CN=AAA.BBB.CCC.DDD."
• Server Certificate: Extract the section between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for this certificate.

Alternative Solution

Regarding Step 1 of the Proposed Solution:

• Extracting the certificate alone is incorrect; it requires additional modifications.
• The goal is to create a certificate that matches the IP address (AAA.BBB.CCC.DDD).

Regarding Step 2 of the Proposed Solution:

• Modifying the certificate to include AAA.BBB.CCC.DDD requires specific tools and expertise, making this step impractical.

Recommended Approach

Consider the following alternatives:

• Disable HTTPS Checks:

// In the ISomeService class:
static {
    disableSslVerification();
}

private static void disableSslVerification() {
    // ... [Code to disable HTTPS checks as described in the provided answer]
}

• Implement a Custom Hostname Verifier:

// In the ISomeService class:
HostnameVerifier customVerifier = new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Perform custom hostname verification, such as accepting the IP address (AAA.BBB.CCC.DDD).
        return true;
    }
};

HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
httpsConn.setHostnameVerifier(customVerifier);

Caution: Disabling HTTPS checks or implementing a custom hostname verifier can compromise security. Use these approaches only for testing or in controlled environments.

The above is the detailed content of How to Fix the "java.security.cert.CertificateException: No Subject Alternative Names Present" Error in Java?. For more information, please follow other related articles on the PHP Chinese website!