来自https的wsimport：[错误] java.security.cert.CertificateException：没有主题替代名称 [英] wsimport from https: [ERROR] java.security.cert.CertificateException: No subject alternative names present

问题描述

我正在尝试使用来自https wsdl的wsimport生成一个web服务客户端：

I'm trying to generate a webservice client using wsimport from https wsdl:

call wsimport -d bin -s src -p mypackage.ws https://x.x.x.x:8181/services/SomeService?wsdl

解决安全问题错误我将服务器的证书添加到Java的密钥库中：

For solving security errors I added a server's certificate to Java's keystore:

keytool -import -keystore c:\Java\jdk1.6.0_38\jre\lib\security\cacerts -file c:\ca-dev.crt

但是当我执行wsimport错误时出现：

But when I do wsimport error appears:

[错误] java.security.cert.CertificateException：没有主题替代名称

无法阅读WSDL文档： https： // xxxx：8181 / services / SomeService？wsdl ，因为1）找不到文档; / 2）该文件无法读取
; 3）文档的根元素不是。

Failed to read the WSDL document: https://x.x.x.x:8181/services/SomeService?wsdl, because 1) could not find the document; /2) the document could not be read; 3) the root element of the document is not .

[ERROR] failed.noservice =在提供的WSDL中找不到wsdl：service （s）：

至少需要提供一个至少有一个服务定义的WSDL 。

    Failed to parse the WSDL.

已解决！
添加了与证书CN相同的条目到主机文件。

SOLVED! Added entry with name same as certificate's CN to hosts file.

推荐答案

SSL证书基于主机名。证书的CN必须是您尝试访问的主机名，或者它必须具有可选的主题备用名称条目，该条目与您尝试访问的主机名完全匹配。

An SSL certificate is based on hostnames. Either the certificate's CN must be the hostname you are trying to access, or it must have an optional Subject Alternative Name entry which exactly matches the hostname you are trying to access.

如果可能，请确保https URL中的主机名与CN或证书中的某个主题备用名称完全匹配。许多证书没有主题备用名称，因此如果您在检查证书时找不到任何证书，请不要强调。

If possible, make sure the hostname in your https URL exactly matches the CN or one of the Subject Alternative Names in the certificate. Many certificates have no Subject Alternative Names, so don't stress if you can't find any when you examine the certificate.

有时以这种方式引用主机名isn这是可能的，例如当端口8181只能在局域网内访问并且通过其完整且正确的主机名引用机器时，将使用Internet路由来到达它。据我所知，没有禁用证书检查的命令行方法。一个（显然是非便携式）解决方法是在 hosts 文件中添加一个条目，该文件通常位于％SystemRoot％\ system32 \ Windows中的drivers \etc\hosts ，因此您可以使用证书中的主机名来引用服务器。

Sometimes referring to the hostname in this manner isn't possible, such as when port 8181 is only accessible inside a LAN and referring to the machine by its full and proper hostname would use an Internet route to reach it. As far as I know, there is no command-line means of disabling certificate checking. One (obviously non-portable) workaround is to add an entry to your hosts file, which is typically located at %SystemRoot%\system32\drivers\etc\hosts in Windows, so you can refer to the server with the hostname that is in the certificate.

这篇关于来自https的wsimport：[错误] java.security.cert.CertificateException：没有主题替代名称的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！