javax.net.ssl.SSLException:<>的证书不匹配任何主题替代名称:[]

时间:2017-07-20 20:36:41

标签: java ssl https rest-assured

当我尝试使用Postman命中URL时,通过使用我的个人证书可以正常工作。但是当我使用Rest Assured测试用例尝试相同时,它会抛出上述异常。

配置类

public class Configuration {

    protected SSLConfig config = null;
    private static final Logger LOG = LoggerFactory.getLogger(Configuration.class);

    @SuppressWarnings("deprecation")
    @BeforeClass
    public void setKeystore()

    {
        KeyStore keyStore = null;

        KeyStore trustStore = null;
        try {
            String certPassword = System.getProperty("certPassword");
            String certPath = System.getProperty("certPath");

            String trustStorePassword = System.getProperty("trustStorePassword");
            String trustStorePath = System.getProperty("trustStorePath");
            Validate.notNull(certPath, "Path to Certificate on the file system cannot be null");
            Validate.notEmpty(certPassword, "Password cannot be empty");
            Validate.notNull(trustStorePath, "Path to trustStore on the file system cannot be null");
            Validate.notEmpty(trustStorePassword, "TrustStore Password cannot be empty");

            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(certPath), certPassword.toCharArray());
            trustStore = KeyStore.getInstance("JKS");
            trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());

            if (keyStore != null) {

                org.apache.http.conn.ssl.SSLSocketFactory clientAuthFactory = new org.apache.http.conn.ssl.SSLSocketFactory(
                        keyStore, certPassword, trustStore);
                config = new SSLConfig().with().sslSocketFactory(clientAuthFactory).and().allowAllHostnames();

            }
            EnvironmentConstants.getEnvironment();

        } catch (Exception e) {
            LOG.error("Error while loading keystore");
            e.printStackTrace();
        }
    }

    @BeforeTest
    public Properties loadproperties() {

        InputStream input = getClass().getClassLoader().getResourceAsStream("errorMessages.properties");
        Properties properties = new Properties();
        try {
            properties.load(input);
        } catch (IOException e) {
            e.printStackTrace();
        }
        return properties;
    }

}

2 个答案:

答案 0 :(得分:3)

这个问题是因为我们公司配置了新的服务器,但没有在服务器证书中包含DNS。所以我的公司在cert.Now中包含服务器名称。它正在运行。

答案 1 :(得分:1)

根据RFC 2818 (the HTTPS specification)

  

如果主机名可用,客户端必须检查它        服务器的证书消息中显示的服务器身份,        为了防止中间人攻击......   如果存在类型为dNSName的subjectAltName扩展名,则必须       用作身份。否则,(最具体的)通用名称       必须使用证书的Subject字段中的字段。虽然       使用Common Name是现有的做法,已弃用和       鼓励证书颁发机构改为使用dNSName。

您应该生成包含所有主机名的SAN扩展证书,并且您计划使用该证书:

keytool -genkeypair \
    -keystore server-keystore.pkcs12 \
    -deststoretype pkcs12 \
    -dname "CN=mydomain.local" \
    -keypass changeit \
    -storepass changeit \
    -keyalg RSA \
    -validity 1825 \
    -keysize 4096 \
    -alias mydomain.local \
    -ext SAN=dns:mydomain.local,dns:mydomain.dev,dns:mydomain.test,dns:localhost
相关问题
最新问题