如何修复"java.security.cert.CertificateException: No subject alternative names present“错误?
如何修复"java.security.cert.CertificateException: No subject alternative names present“错误?
提问于 2013-10-23 19:23:27
我有一个Java web服务客户端,它通过HTTPS使用web服务。
import javax.xml.ws.Service;
@WebServiceClient(name = "ISomeService", targetNamespace = "http://tempuri.org/", wsdlLocation = "...")
public class ISomeService
extends Service
{
public ISomeService() {
super(__getWsdlLocation(), ISOMESERVICE_QNAME);
}当我连接到服务URL (https://AAA.BBB.CCC.DDD:9443/ISomeService )时,我得到异常java.security.cert.CertificateException: No subject alternative names present。
为了解决这个问题,我首先运行了openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443 > certs.txt,并在文件certs.txt中获得了以下内容
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=someSubdomain.someorganisation.com
i:/CN=someSubdomain.someorganisation.com
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=someSubdomain.someorganisation.com
issuer=/CN=someSubdomain.someorganisation.com
---
No client certificate CA names sent
---
SSL handshake has read 489 bytes and written 236 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 512 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
Start Time: 1382521838
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---AFAIK,现在我需要
- 提取
-----BEGIN CERTIFICATE-----和-----END CERTIFICATE-----之间的certs.txt部分, - 对其进行修改,使证书名称等于
AAA.BBB.CCC.DDD和 - ,然后使用
keytool -importcert -file fileWithModifiedCertificate导入结果(其中D17是操作1和2的结果)。
这是正确的吗?
如果是这样,我如何使步骤1中的证书与基于IP的地址(AAA.BBB.CCC.DDD)一起工作?
更新1 (23.10.2013 15:37MSK):在回答similar question时,我读到了以下内容:
如果您无法控制该服务器,请使用它的主机名(前提是现有证书中至少有一个CN与该主机名匹配)。
"use“到底是什么意思?
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/19540289
复制相关文章
相似问题
腾讯云开发者
