The stack trace is:
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[na:1.8.0_65]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_65]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_65]
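The solution is: your certificate should include that ip value as a subject alternative name value (of type IPAddress : key=7).
But when I generate the certificate, how do I include the IP value as a subject alternative name value?
Answer 0 (score: 1)
I would try using openssl. Check this URL and you will find what you need. opensslSAN.
Take a look at this part of the text:
"So, by using the common syntax for an OpenSSL subject written via the command line, you need to specify all of the above (OU is optional) and add another section called subjectAltName=. By adding DNS.n entries (where n is a sequence number) under the "subjectAltName" field, you can add as many "alternative names" as you need, even ones unrelated to the main domain. Obviously, most SSL products will cover the first-level parent domain unless otherwise specified. So here is an example of generating a certificate"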
openssl req -new -key endpoint.com.key -sha256 -nodes -subj '/C=US/ST=New York/L=New York/O=End Point/OU=Hosting Team/CN=www.endpoint.com/emailAddress=administrative-not-existent-address@our-awesome-domain.com/subjectAltName=DNS.1=endpoint.com' > www.endpoint.com.csr
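As an added example (not part of the original answer or the article it quotes), the script below writes the IP address into the subjectAltName X.509 extension through an OpenSSL config section, which is the field the Java HostnameChecker in the stack trace inspects for IP targets, and then verifies the result. The function names, file names and the address 192.0.2.10 are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: self-signed server certificate with an IP subjectAltName.
# All names and the sample address are illustrative assumptions.

# make_ip_san_cert IP OUTDIR -> writes OUTDIR/server.key and OUTDIR/server.crt
make_ip_san_cert() {
  san_ip=$1
  san_out=$2
  mkdir -p "$san_out" || return 1
  # Extensions come from a config section; -subj only sets the subject DN.
  cat > "$san_out/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ext
prompt = no

[dn]
CN = $san_ip

[v3_ext]
subjectAltName = IP:$san_ip
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 30 \
    -config "$san_out/san.cnf" \
    -keyout "$san_out/server.key" -out "$san_out/server.crt" 2>/dev/null
}

# cert_san CERT -> prints the Subject Alternative Name extension of CERT
cert_san() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# cert_matches_ip CERT IP -> exit status 0 only if CERT is valid for IP
cert_matches_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# Run stand-alone as: ./san.sh 192.0.2.10 ./out
if [ "$#" -ge 2 ]; then
  make_ip_san_cert "$1" "$2" && cert_san "$2/server.crt"
fi
```

For a CA-signed certificate, the same `subjectAltName = IP:...` line goes into the section named by `req_extensions` for the CSR, and the CA must copy or set the extension when it signs.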