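java.security.cert.CertificateException: No subject alternative names present

Time: 2014-02-28 22:37:27

Tags: tomcat ssl jax-ws

I am getting the certificate exception below. How do I check the CN after creating a self-signed certificate? I'm pretty sure I used the development server's IP address, but I don't understand what could be going wrong.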

Exception in thread "main" javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://xx.x.x.xxx:yyyy/myappname/myservleturl?wsdl. It failed with: 
java.security.cert.CertificateException: No subject alternative names present.
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:151)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:133)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:234)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:197)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:145)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:93)
at javax.xml.ws.Service.<init>(Service.java:56)
at javax.xml.ws.Service.create(Service.java:680)
at com.mycompanyname.st.client.Client.main(Client.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1010)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:793)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:251)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:118)
... 7 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:75)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
... 22 more

The edited part starts here:

Thanks to @My-Name-Is, I did the following:

keytool -printcert -v -file serverdev.cer

and got this result:

Owner: CN=xx.x.x.xxx, OU=it, O=companyname, L=cityname, ST=provincename, C=ca
Issuer: CN=xx.x.x.xxx, OU=it, O=companyname, L=cityname, ST=provincename, C=ca
Serial number: somestringhere
Valid from: Fri Feb 28 16:11:14 EST 2014 until: Thu May 29 17:11:14 EDT 2014
Certificate fingerprints:
     MD5:  someotherstringhere
     SHA1: andyetanotherstringhere

Note that I confirmed that the CN xx.x.x.xxx matches the IP address of the development server. So what exactly could be going wrong?

1 answer:

Answer 0 (score: 1)

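You can work around this with a simple fix at the operating-system level, by mapping the DNS name on the certificate to the IP address you are actually accessing. For example, if the certificate was issued for the DNS name mydomain.com and you are accessing the IP address 10.10.10.0, add the following record to the hosts file found here (if you are using Windows):

C:\Windows\System32\drivers\etc

Add this line: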

10.10.10.0 mydomain.com

Then change the URL you access to use the domain name mydomain.com instead of the IP address; Windows will now replace mydomain.com with your IP address 10.10.10.0 for all requests.
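
The stack trace in the question ends in `HostnameChecker.matchIP`: when the URL host is an IP literal, Java compares it only against iPAddress entries in the certificate's subject alternative names and never against the CN. The following is an added example (not part of the question or the answer) that creates one self-signed certificate with only a CN and one with an IP SAN via keytool's `-ext san=ip:...` option, then checks each with `keytool -printcert`; the alias names, file paths, the password `changeit` and the reuse of the sample address 10.10.10.0 are assumptions.

```shell
#!/bin/sh
# Added example. File names, aliases and the password "changeit" are assumptions.

# make_cert DIR NAME CN [SAN]
# Creates a self-signed certificate DIR/NAME.cer; SAN (e.g. ip:10.10.10.0) is optional.
make_cert() {
  dir=$1; name=$2; cn=$3; san=${4:-}
  set -- -genkeypair -alias "$name" -keyalg RSA -keysize 2048 -validity 90 \
    -dname "CN=$cn, OU=it" -storetype PKCS12 -keystore "$dir/$name.p12" \
    -storepass changeit -keypass changeit
  # Without -ext the certificate carries the address in the CN only.
  if [ -n "$san" ]; then set -- "$@" -ext "san=$san"; fi
  keytool "$@" </dev/null >/dev/null 2>&1 || return 1
  keytool -exportcert -rfc -alias "$name" -keystore "$dir/$name.p12" \
    -storepass changeit -file "$dir/$name.cer" </dev/null >/dev/null 2>&1
}

# san_has_ip CERT IP
# Exit status 0 only if CERT lists IP as an iPAddress entry inside the
# SubjectAlternativeName block printed by keytool -printcert -v.
san_has_ip() {
  keytool -printcert -v -file "$1" 2>/dev/null | awk -v want="IPAddress: $2" '
    /SubjectAlternativeName \[/ { in_san = 1; next }
    in_san && /^[ \t]*\]/       { in_san = 0 }
    in_san { gsub(/^[ \t]+|[ \t\r]+$/, ""); if ($0 == want) found = 1 }
    END { exit found ? 0 : 1 }'
}

# Demo: run the script with the argument "demo".
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  make_cert "$d" cnonly  10.10.10.0                || exit 1
  make_cert "$d" withsan 10.10.10.0 ip:10.10.10.0  || exit 1
  for c in cnonly withsan; do
    if san_has_ip "$d/$c.cer" 10.10.10.0; then
      echo "$c: iPAddress SAN present, https://10.10.10.0/ can match"
    else
      echo "$c: no iPAddress SAN, Java rejects https://10.10.10.0/"
    fi
  done
  rm -rf "$d"
fi
```

The `keytool -printcert` output shown in the question has no extensions section at all, which is the `cnonly` case here.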