您现在的位置是:首页 > 文章详情

JDK安全证书的一个错误消息 No subject alternative names present的解决办法

日期:2020-01-02点击:339

我使用Java消费某网站一个Restful API时,遇到这个错误:

21:31:16.383 [main] DEBUG org.springframework.web.client.RestTemplate - Created GET request for "https://127.0.0.1:5031/commerce/product"
21:31:16.388 [main] DEBUG org.springframework.web.client.RestTemplate - Setting request Accept header to [text/plain, application/json, application/+json, /*]

Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://127.0.0.1:5031/commerce/product": java.security.cert.CertificateException: No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:673) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:620) at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:319) at com.sap.prolikeService.service.impl.CommerceProductService.getProductDetailByID(CommerceProductService.java:23) at com.sap.prolikeService.sandbox.SandboxTest.getProductDetailTest(SandboxTest.java:45) at com.sap.prolikeService.sandbox.SandboxTest.main(SandboxTest.java:49)

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:78) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:659) ... 5 more

Caused by: java.security.cert.CertificateException: No subject alternative names present

at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488) ... 19 more 

错误的核心就一句:No subject alternative names present

clipboard1,1

解决方案:重新生成证书,将缺失的IP地址包含在证书的extension部分即可。命令行如下:

keytool -genkey -alias tomcat2 -keyalg RSA -keystore ./jerry2.keystore -ext SAN=dns:test.abc.com,ip:127.0.0.1

证书生成后,在Subject Alternative names区域能看到IP地址:

clipboard2,2

之后原始的错误就消失了:

clipboard3,3

本文来自云栖社区合作伙伴“汪子熙”,了解相关信息可以关注微信公众号"汪子熙"。

原文链接:https://yq.aliyun.com/articles/741524
关注公众号

低调大师中文资讯倾力打造互联网数据资讯、行业资源、电子商务、移动互联网、网络营销平台。

持续更新报道IT业界、互联网、市场资讯、驱动更新,是最及时权威的产业资讯及硬件资讯报道平台。

转载内容版权归作者及来源网站所有,本站原创内容转载请注明来源。

文章评论

共有0条评论来说两句吧...

文章二维码

扫描即可查看该文章

点击排行

推荐阅读

最新文章