我正在开发一个Web服务客户端来访问位于HTTPS负载均衡器后面的HTTPS Web服务。但我得到了例外。
com.sun.xml.internal.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.
java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl
java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl?wsdl
HOST 和 PORT 是负载均衡器的IP地址和端口。
我可以从浏览器访问此网址 - https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl
但不是这个 - https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl?wsdl
我使用此代码忽略证书 -
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
public X509Certificate[] getAcceptedIssuers(){return null;}
public void checkClientTrusted(X509Certificate[] certs, String authType){}
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
;
}
这是完整的堆栈跟踪:
[ERROR ] SRVE0777E: Exception thrown by application class 'com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex:196'
com.sun.xml.internal.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.
java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl
java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl?wsdl
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:196)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:168)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:133)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:272)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:235)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:183)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
at javax.xml.ws.Service.<init>(Service.java:89)
at com.ibm.itim.ws.services.WSSessionService_Service.<init>(WSSessionService_Service.java:50)
at examples.ws.GenericWSClient.getSessionService(GenericWSClient.java:150)
at examples.ws.MyServlet.doGet(MyServlet.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1240)
at [internal classes]
答案 0 :(得分:1)
keytool -genkey -alias YOUR_ALIAS -keyalg RSA -keystore YOUR_PATH_KS keytool -exportcert -alias -file YOUR_PATH_CERTIFICATE -keystore YOUR_PATH_KS
cd %JAVA_HOME%\jre\lib\security
keytool -import -trustcacerts -keystore cacerts -alias YOUR_HOSTNAME -file YOUR_PATH_CERTIFICATE
答案 1 :(得分:0)
不应该使用&#34; SSL&#34;来初始化您的SSLCOntext。而不是&#34; TLS&#34; ?
SSLContext sc = SSLContext.getInstance("SSL");
另外,请尝试添加主机名验证器:
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession arg1) {
if (hostname.equals("your host ip")
return true;
return false;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
请注意,这是一种解决方法。需要做的是证书必须使用主题备用名称条目(即san = ip:您的主机)生成CN和DNS网络名称。这可能是实际的解决方案。
答案 2 :(得分:0)
感谢您的回答,但我只需在hosts文件中添加一个条目即可解决此问题。
ip_address example.com
其中example.com是证书的CN