使用IP调用https的webservice问题
www.acgist.com/article/393.html
使用IP调用https的webservice问题2017年02月08日 错误信息:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present at sun.security.ssl.Alerts.getSSLException(Alerts.java:
192
) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1949
) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:
302
) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:
296
) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1509
) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:
216
) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:
979
) at sun.security.ssl.Handshaker.process_record(Handshaker.java:
914
) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
1062
) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1375
) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1403
) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1387
) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:
559
) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:
185
) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:
1283
) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:
1258
) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:
250
) at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:
104
) ...
39
more Caused by: java.security.cert.CertificateException: No subject alternative names present at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:
144
) at sun.security.util.HostnameChecker.match(HostnameChecker.java:
93
) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:
455
) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:
436
) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:
200
) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:
124
) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1491
) ...
52
more |
| 1 2 3 4 5 | javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xxx.xxx.xxx found at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:
174
) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1747
) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
241
) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
235
) |
1.使用域名访问
2.忽略SSL证书,代码如下:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | package
com.sojson.www.zhanzhang.utils;
import
java.security.cert.CertificateException;
import
java.security.cert.X509Certificate;
import
javax.net.ssl.HostnameVerifier;
import
javax.net.ssl.HttpsURLConnection;
import
javax.net.ssl.SSLContext;
import
javax.net.ssl.SSLSession;
import
javax.net.ssl.TrustManager;
import
javax.net.ssl.X509TrustManager;
public
class
SslUtils { private
static
void
trustAllHttpsCertificates()
throws
Exception { TrustManager[] trustAllCerts =
new
TrustManager[
1
];
TrustManager tm =
new
miTM();
trustAllCerts[
0
] = tm;
SSLContext sc = SSLContext.getInstance(
"SSL"
);
sc.init(
null
, trustAllCerts,
null
);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} static
class
miTM
implements
TrustManager,X509TrustManager { public
X509Certificate[] getAcceptedIssuers() { return
null
;
} public
boolean
isServerTrusted(X509Certificate[] certs) { return
true
;
} public
boolean
isClientTrusted(X509Certificate[] certs) { return
true
;
} public
void
checkServerTrusted(X509Certificate[] certs, String authType) throws
CertificateException { return
;
} public
void
checkClientTrusted(X509Certificate[] certs, String authType) throws
CertificateException { return
;
} } /** * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用 * @throws Exception */ public
static
void
ignoreSsl()
throws
Exception{ HostnameVerifier hv =
new
HostnameVerifier() { public
boolean
verify(String urlHostName, SSLSession session) { return
true
;
} };
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
} } |
推荐阅读
- 由浅入深理解AOP
- 【译】20个更有效地使用谷歌搜索的技巧
- mybatisplus如何在xml的连表查询中使用queryWrapper
- MybatisPlus|MybatisPlus LambdaQueryWrapper使用int默认值的坑及解决
- MybatisPlus使用queryWrapper如何实现复杂查询
- 画解算法(1.|画解算法:1. 两数之和)
- SpringBoot调用公共模块的自定义注解失效的解决
- iOS中的Block
- Linux下面如何查看tomcat已经使用多少线程
- thinkphp|thinkphp 3.2 如何调用第三方类库