Reputation: 6568
I always receive a
java.security.cert.CertificateException: No subject alternative names present
exception, even though I've imported the certificate into my truststore. Here is my setup:
I'm using a small HTTPS server based on com.sun.net.httpserver.HttpsServer. I've created a keystore with a self-signed certificate:
keytool -genkey -keyalg RSA -alias myCert -keystore keystore.jks -storepass myPass -validity 360 -keysize 2048
I'm passing the path and password to the keystore as VM arguments:
-Djavax.net.ssl.keyStore=/tmp/truststore.jks
-Djavax.net.ssl.keyStorePassword=myPass
If I run openssl s_client -connect 192.168.1.101:4443
I can see that it uses the right certificate.
To trust the certificate on the client side, I've exported the certificate from the server keystore and imported it into the client truststore:
keytool -export -alias myCert -file myCert.crt -keystore keystore.jks
keytool -import -trustcacerts -alias -file myCert.crt -keystore truststore.jks
For the client I use a small test program using Jersey. I'm passing the path to the truststore as a VM argument:
-Djavax.net.ssl.trustStore=/tmp/truststore.jks
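// JAX-RS 2.x package names (jakarta.ws.rs.* on Jersey 3+)
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;

public class Tester {
    public static void main(String[] args) {
        // Plain JAX-RS client with default TLS settings
        Client client = ClientBuilder.newClient();
        try {
            // The URL host is an IP literal, not a DNS name
            String name = client.target("https://192.168.1.101:4443")
                    .request(MediaType.TEXT_PLAIN)
                    .get(String.class);
            System.out.println(name);
        } catch (final Exception e) {
            System.err.println(e);
        }
    }
}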
But although the self-signed certificate is in the truststore, I always get the
java.security.cert.CertificateException: No subject alternative names present
exception.
What can be the reason for it?
Upvotes: 0
Views: 705
Reputation: 8405
The HTTPS certificate should contain the SubjectAltName extension, whose value should be the IP address (192.168.1.101 in your case) or the DNS name of the host.
Upvotes: 1
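An added example, not part of either post: a small Java check for the condition the answer describes. It reads the certificate exported as myCert.crt and reports whether it has a subjectAltName entry for the host in the client URL (an iPAddress entry when the URL uses an IP literal such as 192.168.1.101, a dNSName entry otherwise). The class name SanCheck and its helper methods are hypothetical; the -ext option shown in the comment is a standard keytool option.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (not the poster's code). Usage: java SanCheck myCert.crt 192.168.1.101
// A certificate that passes can be created by adding the SAN at key generation:
//   keytool -genkeypair -keyalg RSA -alias myCert -keystore keystore.jks \
//           -keysize 2048 -validity 360 -ext SAN=ip:192.168.1.101
public class SanCheck {
    // GeneralName tags (RFC 5280) as returned by getSubjectAlternativeNames()
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;

    // Simplified literal test: IPv4 dotted quad, or anything containing ':' (IPv6)
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // True if the certificate has a SAN entry of the right type equal to host.
    // Exact match only: wildcard DNS names and alternate IPv6 spellings are not handled.
    static boolean hasSanFor(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return false; // extension absent, as in the question
        int wanted = isIpLiteral(host) ? IP_ADDRESS : DNS_NAME;
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            System.out.println("  SAN type " + type + ": " + value);
            if (type == wanted && value.equalsIgnoreCase(host)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java SanCheck <cert file> <host or IP>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) { // DER or PEM both load
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean ok = hasSanFor(cert, args[1]);
        System.out.println(ok ? "OK: SAN covers " + args[1] : "FAIL: no matching SAN for " + args[1]);
        System.exit(ok ? 0 : 1);
    }
}
```

After regenerating the key pair with a SAN, the certificate has to be exported and imported into the client truststore again, since the old entry belongs to the previous key.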