我在通过java代码访问https网址时遇到异常。 当我尝试访问时,我得到以下异常:
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
... 131 more
Caused by: java.security.cert.CertificateException: No name matching localhost found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
我尝试使用以下命令生成SSL证书:
./jdk1.8/bin/keytool -genkey -keystore /srv/jakarta/.keystore -alias ALIAS \
-keyalg RSA -keysize 4096 -validity 720
Enter keystore password: # well, enter something
Re-enter new password: # same as above
What is your first and last name?
[Unknown]: localhost # !!! IMPORTANT this is the domain name, NOT YOUR name
What is the name of your organizational unit?
[Unknown]: # enter something or leave empty
What is the name of your organization?
[Unknown]: # enter something or leave empty
What is the name of your City or Locality?
[Unknown]: # enter something or leave empty
What is the name of your State or Province?
[Unknown]: # enter something or leave empty
What is the two-letter country code for this unit?
[Unknown]: # enter something or leave empty
Is CN=example com, OU=Foo, O=Bar, L=City, ST=AA, C=FB correct?
[no]: yes
Enter key password for <lea-prod>
(RETURN if same as keystore password): # Press RETURN
并使用以下tomcat / server.xml配置:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="ALIAS" keystoreFile="/srv/jakarta/.keystore"
keystorePass="PW from step 1" />
然而,它仍然无法正常工作,我面临同样的错误。
有什么办法可以解决这个问题吗? 感谢
答案 0 :(得分:4)
嗯,这正是错误消息的结果。您的证书是使用通用名称example.com颁发的。但是,您在地址栏中输入了localhost作为服务器的名称。显然,这两个不匹配。您还应将证书公用名(CN)更改为localhost,即重新生成证书,但使用正确的名称localhost。
在下一步中,您需要将该证书导入浏览器的证书库。但这是另一个话题。在更正证书的通用名称后,该例外应该消失。
答案 1 :(得分:0)
我相信您正在尝试访问HTTPS协议上托管的服务。在这种情况下,您需要获取网站/服务的证书并将其添加到您的Java密钥库。这是您应该在生产代码中使用证书的方式
或者,您可以覆盖HostNameVerifier类以抑制任何错误,并在Java SSL上下文中将其设置为忽略任何错误。理想情况下,用户可以抑制检入测试代码或SSL证书不可用。