java.security.cert.CertificateException:不存在主题替代名称; [英] java.security.cert.CertificateException: No subject alternative names present;
问题描述
我正在使用 WSO2 API管理器
版本 1.9.1
。在这个工具中,我发布了我的示例项目(即 proxied
)并订阅该项目以获取消费者密钥和密钥。这个工具也给了我CURL命令,它工作正常。
I am using WSO2 API Manager
version 1.9.1
. In this tool, I publish my sample project (i.e., proxied
) and subscribe that project to get consumer key and secret. This tool also gives me CURL command which works fine.
以下CURL命令运行正常。
The below CURL command which runs fine.
curl -k -d "grant_type=password&username=XXXXX&password=XXXXX" -H "Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, Content-Type: application/x-www-form-urlencoded" https://XXXXXXXXXXX:XXXX/token
现在我正在尝试使用<开发 java
代码code> RestTemplate 将连接到 SSL受保护的网站
,而不用证书验证
即,不安全
查看上面的CURL命令。
到目前为止,我开发了以下代码,但是当我运行时,我看到以下错误。
Now I'm trying to developed the java
code using RestTemplate
which will connect to SSL protected site
without cert verification
i.e., insecure
way looking at above CURL command.
So far I developed below code, but when I run I see following error coming.
public static void main(String[] args) {
HttpHeaders headers = new HttpHeaders();
headers.add("Accept", "application/json");
headers.add("Content-Type", MediaType.APPLICATION_FORM_URLENCODED.toString());
headers.add("Authorization", "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
String url = "https://XXXXXXXXXXXXXX:XXXX/token";
String data = "grant_type=password&username=XXXXX&password=XXXXX";
RestTemplate restTemplate = new RestTemplate();
HttpEntity<String> entity = new HttpEntity<String>(data,headers);
HttpEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println("RESPONSE : "+response.getBody());
}
我面临的错误。 请建议我们如何连接到SSL网站不安全的方式,相同的curl命令呢?
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://XXXXXXXXXXX:8243/token":java.security.cert.CertificateException: No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:448)
at com.java.wso2.TokenDemo.main(TokenDemo.java:74)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
... 3 more
我们如何解决这个错误?偏离我的问题与 javax.net.ssl不同.SSLHandshakeException:java.security.cert.CertificateException:不存在主题替代名称
How we can solve this error? Off-course my issue is not similar to javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
推荐答案
以下问题可以是通过应用以下代码解决,这些代码以不安全的方式连接到受SSL保护的站点。 (注意:为了使用证书启用连接到SSL站点,您需要添加tomcat SSL配置。)
The following issue can be solve by applying following code, which connect to SSL protected site in a insecure way. (Note: In order to connect to SSL site with cert enable you need to add the tomcat SSL configuration).
以下代码可以正常工作。
The following code works fine.
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.web.client.RestTemplate;
static {
disableSslVerification();
}
private static void disableSslVerification() {
try{
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
HttpHeaders headers = new HttpHeaders();
headers.add("Accept", "application/json");
headers.add("Content-Type", MediaType.APPLICATION_FORM_URLENCODED.toString());
headers.add("Authorization", "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXX");
String url = "https://XXXXXXXXXXXXX:XXXX/token";
String dataJSON = "grant_type=password&username=XXXXX&password=XXXXX";
RestTemplate restTemplate = new RestTemplate();
HttpEntity<String> entity = new HttpEntity<String>(dataJSON,headers);
HttpEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println("O/P : "+response.getBody());
}
这篇关于java.security.cert.CertificateException:不存在主题替代名称;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!