JDK安全证书的一个错误消息 No subject alternative names present的解决办法_JAVA_编程开发_程序员俱乐部

中国优秀的程序员网站程序员频道CXYCLUB技术地图
热搜:
更多>>
 
您所在的位置: 程序员俱乐部 > 编程开发 > JAVA > JDK安全证书的一个错误消息 No subject alternative names present的解决办法

JDK安全证书的一个错误消息 No subject alternative names present的解决办法

 2019/12/14 9:51:09  JerryWang_SAP  程序员俱乐部  我要评论(0)
  • 摘要:我使用Java消费某网站一个RestfulAPI时,遇到这个错误:21:31:16.383[main]DEBUGorg.springframework.web.client.RestTemplate-CreatedGETrequestfor"https://127.0.0.1:5031/commerce/product"21:31:16.388[main]DEBUGorg.springframework.web.client.RestTemplate
  • 标签:解决办法 解决 jdk 一个 错误

class="cye-lm-tag" style="">我使用Java消费某网站一个Restful API时,遇到这个错误

21:31:16.383 [main] DEBUG org.springframework.web.client.RestTemplate - Created GET request for "https://127.0.0.1:5031/commerce/product"
21:31:16.388 [main] DEBUG org.springframework.web.client.RestTemplate - Setting request Accept header to [text/plain, application/json, application/*+json,?/]
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://127.0.0.1:5031/commerce/product": java.security.cert.CertificateException: No subject alternative names present; nested exception is?javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:673)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:620)
at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:319)
at com.sap.prolikeService.service.impl.CommerceProductService.getProductDetailByID(CommerceProductService.java:23)
at com.sap.prolikeService.sandbox.SandboxTest.getProductDetailTest(SandboxTest.java:45)
at com.sap.prolikeService.sandbox.SandboxTest.main(SandboxTest.java:49)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at?sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at?sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at?sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:78)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:659)
... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
... 19 more

错误的核心就一句:No subject alternative names present

解决方案:重新生成证书,将缺失的IP地址包含在证书的extension部分即可。命令行如下:

keytool -genkey -alias tomcat2 -keyalg RSA -keystore ./jerry2.keystore -ext SAN=dns:test.abc.com,ip:127.0.0.1

证书生成后,在Subject Alternative names区域能看到IP地址:

之后原始的错误就消失了:

要获取更多Jerry的原创文章,请关注公众号"汪子熙":

发表评论
用户名: 匿名