在我的Web应用程序中,当它尝试向自身发出HTTP请求时,出现此异常
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
at com.smcc.od.common.capi.OdCommonHelper.processHttpURLConnection(OdCommonHelper.java:593)
at com.smcc.od.common.pipelet.http.ProcessHttpURLConnection.execute(ProcessHttpURLConnection.java:113)
at com.intershop.beehive.core.internal.pipeline.PipeletNode.executeNode(PipeletNode.java:346)
at com.intershop.beehive.core.internal.pipeline.Pipeline.executeNode(Pipeline.java:1116)
at com.intershop.beehive.core.internal.pipeline.Pipeline.executePipeline(Pipeline.java:944)
at com.intershop.beehive.core.internal.pipeline.PipelineProcessorImpl.executePipeline(PipelineProcessorImpl.java:641)
at com.intershop.beehive.core.internal.pipeline.PipelineProcessorImpl.executePipeline(PipelineProcessorImpl.java:484)
at com.intershop.beehive.pipeline.internal.PipelineEngineImpl.executePipeline(PipelineEngineImpl.java:97)
at com.intershop.beehive.core.internal.pipeline.PipelineProcessorImpl.executePipeline(PipelineProcessorImpl.java:421)
at com.intershop.beehive.core.internal.pipeline.PipelineProcessorImpl.executePipeline(PipelineProcessorImpl.java:250)
at com.intershop.beehive.core.pipelet.pipeline.ExecutePipeline$PipelineExecutor.run(ExecutePipeline.java:440)
at com.intershop.beehive.core.internal.execute.ExecutorServiceImpl$ClosingCurrentResourcesRunnable.run(ExecutorServiceImpl.java:176)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: No name matching localhost found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:209)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 28 common frames omitted
所调用的URL类似于https://localhost:448/foo/bar。
在寻找解决方案时,我试图创建一个自签名HTTPS证书并将其导入到我的JRE的密钥库中。
我已通过Powershell运行此命令来为localhost创建自签名证书:
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "localhost" -FriendlyName "localhost" -NotAfter (Get-Date).AddYears(10)
然后,我将该证书复制到“受信任的根证书颁发机构”下。我已通过MMC文件将其导出到.cer文件中,并已通过命令将其导入到我的JRE文件中
& 'C:\Program Files\AdoptOpenJDK\jdk-8.0.222.10-hotspot\bin\keytool.exe' -importcert -file D:\temp\certificate\localhost.cer -keystore 'C:\Program Files\AdoptOpenJDK\jdk-8.0.222.10-hotspot\jre\lib\security\cacerts' -alias "localhost"
返回了
Certificate was added to keystore
我已重新启动应用程序服务器,并尝试再次执行该自我HTTP请求,但仍然收到SSLException。
我检查了证书是否确实已导入到JRE中,它是:
& 'C:\Program Files\AdoptOpenJDK\jdk-8.0.222.10-hotspot\bin\keytool.exe' -keystore 'C:\Program Files\AdoptOpenJDK\jdk-8.0.222.10-hotspot\jre\lib\security\cacerts' -list | Select-String "localhost"
返回了
localhost, Oct 28, 2020, trustedCertEntry,
我无法添加自定义javax.net.ssl.HostnameVerifier实现以跳过localhost验证。我缺少一些配置吗?
我的本地环境在Windows 10上。我的Web服务器是Apache。