javagirl

Reputation: 117

java.security.cert.CertificateException: No subject alternative names present

I am getting the certificate exception below. How do I check the CN of the self-signed certificate after I've created it? I am pretty sure that I used the IP address of the development server and I don't understand what could be wrong.

Exception in thread "main" javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://xx.x.x.xxx:yyyy/myappname/myservleturl?wsdl. It failed with: 
java.security.cert.CertificateException: No subject alternative names present.
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:151)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:133)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:234)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:197)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:145)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:93)
at javax.xml.ws.Service.<init>(Service.java:56)
at javax.xml.ws.Service.create(Service.java:680)
at com.mycompanyname.st.client.Client.main(Client.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1010)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:793)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:251)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:118)
... 7 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:75)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
... 22 more

Edited part starts here:

Thank you to @My-Name-Is, I did the following:

keytool -printcert -v -file serverdev.cer

And got this result:

Owner: CN=xx.x.x.xxx, OU=it, O=companyname, L=cityname, ST=provincename, C=ca
Issuer: CN=xx.x.x.xxx, OU=it, O=companyname, L=cityname, ST=provincename, C=ca
Serial number: somestringhere
Valid from: Fri Feb 28 16:11:14 EST 2014 until: Thu May 29 17:11:14 EDT 2014
Certificate fingerprints:
     MD5:  someotherstringhere
     SHA1: andyetanotherstringhere

Please note that I verified that the CN xx.x.x.xxx matches the IP address of the development server. So, what could be wrong exactly?

Upvotes: 1

Views: 21376

Answers (1)

A. Shaheen

Reputation: 105

You can resolve it using a simple solution in your operating system by mapping the DNS found on the certificate with the IP address you actually access. For example, if the certificate is issued for DNS mydomain.com and you are accessing the IP address 10.10.10.0, then add the following record to the hosts file found here (if you are using Windows):

C:\WINDOWS\system32\drivers\etc

Add this line:

10.10.10.0 mydomain.com

Then change the URL you are accessing to use the domain mydomain.com instead of the IP address. Windows will now replace mydomain.com with your IP address 10.10.10.0 for all requests.

Upvotes: 1
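
An added example, not part of the question or the answer above: the stack trace ends in `HostnameChecker.matchIP`, the path Java takes when the URL host is an IP literal, and that path compares the address only against iPAddress entries in the certificate's subjectAltName extension, never against the CN. The class name `IpSanCheck` and its two arguments are assumptions; it prints the SAN entries of a certificate file such as `serverdev.cer` and reports whether one of them matches the given IP.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (not from the post): checks whether a certificate carries an
// iPAddress subjectAltName equal to the IP literal used in the URL.
public class IpSanCheck {
    private static final int DNS_NAME = 2;   // GeneralName tag for dNSName
    private static final int IP_ADDRESS = 7; // GeneralName tag for iPAddress

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java IpSanCheck <cert-file> <ip-literal>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // An IP literal is parsed locally; no DNS lookup happens here.
        InetAddress wanted = InetAddress.getByName(args[1]);
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());

        // null means the certificate has no subjectAltName extension at all.
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        boolean match = false;
        if (sans == null) {
            System.out.println("subjectAltName: absent");
        } else {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == DNS_NAME) {
                    System.out.println("SAN dNSName:   " + san.get(1));
                } else if (type == IP_ADDRESS) {
                    System.out.println("SAN iPAddress: " + san.get(1));
                    match |= InetAddress.getByName((String) san.get(1)).equals(wanted);
                }
            }
        }
        // The CN is printed above for reference only; it does not count here.
        System.out.println(match ? "OK: iPAddress SAN matches " + args[1]
                : "FAIL: no iPAddress SAN matches " + args[1]);
        System.exit(match ? 0 : 1);
    }
}
```

Run it as `java IpSanCheck serverdev.cer <server-ip>`. keytool from JDK 7 onward can add the entry when the key pair is generated, with `-ext san=ip:<server-ip>`.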
