javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

Submitted by 给你一囗甜甜゛ on 2019-12-19 04:36:25

Question


Basically, I have a test server (Linux based) with a public IP but no public hostname. So I am trying to create SSL certificates for it using the IP address, so that my Java application can access another application using the IP address. For example:

https://210.10.10.10:8443/abc

I followed the post below: How are SSL certificate server names resolved/Can I add alternative names using keytool?

I tried both of the ways suggested to avoid this exception, but none is working. I am getting the same error.

1. I tried editing "openssl.cnf" and adding:

    [req]
    req_extensions = v3_req

    [ v3_req ]

    # Extensions to add to a certificate request
    subjectAltName=IP:210.10.10.10
    # or subjectAltName=DNS:www.example.com

    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment

2. I also tried using the Java 1.7 keytool:

Like this (created on Windows with Java 1.7, then copied all certs and JKS files to the Linux server environment, running on Java 1.6):

    keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore myServerKeystore2.jks -srckeystore serverCertAsPK12.p12  -srcstoretype PKCS12 -alias servercertificate -ext SAN=ip:210.10.10.10

My environment setup is as follows: the server is Linux (CentOS), Tomcat 6, JDK 1.6; the application is a Java application. I used OpenSSL to create all certificates and JKS files.

I am still getting the java.security.cert.CertificateException: No subject alternative names exception.

Then I tried to create the JKS files and import them into the default Java store file (cacerts) using keytool (in the Java 1.7 environment) on the Windows machine, and exported these JKS and cacert files to the Linux server.

Even then, I am still getting the java.security.cert.CertificateException: No subject alternative names exception.

------- Updated below on 19 June in reply to Bruno ---------

Below are my Tomcat server.xml settings:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               truststoreFile="/usr/local/apache-tomcat-6.0.37/conf/cacerts.jks" truststorePass="changeit"
               keystoreFile="/usr/local/apache-tomcat-6.0.37/conf/myServerKeystore2.jks" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />

Where "cacerts.jks" is my client keystore file and "myServerKeystore2.jks" is my server keystore file.

I have followed each step on this tutorial to create ssl certificates using openssl.

Please help.

Source: https://stackoverflow.com/questions/17167691/javax-net-ssl-sslhandshakeexception-java-security-cert-certificateexception-no
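
When the URL uses an IP literal, Java's HTTPS hostname check compares it only against iPAddress entries in the certificate's subjectAltName extension, so a useful first check is to list the SAN entries of the certificate the server keystore actually holds. The program below is an added example, not part of the original question; the class name `SanCheck` is hypothetical, and the default keystore file, password, alias and IP are the values quoted in the question.

```java
import java.io.FileInputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Hypothetical helper (not from the question): lists the SAN entries of a
// certificate stored in a JKS keystore and checks for a matching iPAddress entry.
public class SanCheck {
    private static final int IP_ADDRESS = 7; // GeneralName tag for iPAddress (RFC 5280)

    static boolean hasIpSan(X509Certificate cert, String ip) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {               // extension absent from the certificate
            System.out.println("no subjectAltName extension");
            return false;
        }
        InetAddress wanted = InetAddress.getByName(ip); // IP literal: no DNS lookup
        boolean found = false;
        for (List<?> san : sans) {
            int type = ((Integer) san.get(0)).intValue();
            Object value = san.get(1);    // String for dNSName (2) and iPAddress (7)
            System.out.println("SAN type " + type + ": " + value);
            if (type == IP_ADDRESS && InetAddress.getByName((String) value).equals(wanted)) {
                found = true;
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file name, password, alias and IP quoted in the question.
        String path  = args.length > 0 ? args[0] : "myServerKeystore2.jks";
        String pass  = args.length > 1 ? args[1] : "changeit";
        String alias = args.length > 2 ? args[2] : "servercertificate";
        String ip    = args.length > 3 ? args[3] : "210.10.10.10";

        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try { ks.load(in, pass.toCharArray()); } finally { in.close(); }

        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) throw new IllegalArgumentException("no certificate under alias " + alias);
        System.out.println("subject: " + cert.getSubjectX500Principal());
        System.out.println(hasIpSan(cert, ip) ? "iPAddress SAN matches " + ip
                                              : "no iPAddress SAN for " + ip);
    }
}
```

The try/finally form is used instead of try-with-resources so the class also compiles on the JDK 1.6 mentioned in the question.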
