问题
Clarification A: Since this is an SSL question, I hope I can lower the obvious security red flags and potentially save the time of our resident SSL security experts, by stating the following:
- This SSL communication is between a test machine and a product deployment that is not ready for final security work (ie: after initial testing is complete, a security team will fix all the certificates, ports, settings, etc...)
- At this point, both test client and test target machines are far less "mission critical" than the office coffee machine. We don't care if they get hacked, the data inside has no stealing/ransoming worth
- Everything is done within a local network that does not have any physical connection to the internet
Clarification B: While the obvious answer would be "have your devops finally manage to create machines without broken certificates" - well, we are not that evolved yet :) Also, if Postman and SoapUI can do this, I think it's important that the Java programming community knows how to do this too!
Now, to the question:
I am getting: java.security.cert.CertificateException: No subject alternative DNS name matching beta-automaton-api.localnet found
I've found google results and SO questions such as: https://stackoverflow.com/questions/51622117/issue-with-dns-naming-and-certificates-ldap-context/51646182?r=SearchResults&s=5|11.6157#51646182
Where the "temporary patch, don't push this to production" is to start java with:-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
However, I am still getting the same exception...
I am even checking inside the SOAP client:
System.getProperty"com.sun.jndi.ldap.object.disableEndpointIdentification"); // true
- Using Java 1.8.0_261
- The way I actually start java is that my "SOAP client" is actually a JUnit5 method in a maven project, under test source section... I have @Test annotation for the leading method and execute it with IntelliJ-IDEA's run configuration, where VM Options are:
-ea -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
Any ideas why this "patch trick" with -D...disableEndpointIdentification doesn't work for me?
来源:https://stackoverflow.com/questions/64590737/during-an-ssl-soap-request-sslhandshake-consume-ignores-value-of-com-sun-jndi-l