Reputation:
java.security.cert.CertificateException: No subject alternative names present;
I am using WSO2 API Manager version 1.9.1. In this tool, I publish my sample project (i.e., proxied) and subscribe that project to get consumer key and secret. This tool also gives me CURL command which works fine.
The below CURL command which runs fine.
curl -k -d "grant_type=password&username=XXXXX&password=XXXXX" -H "Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, Content-Type: application/x-www-form-urlencoded" https://XXXXXXXXXXX:XXXX/token
Now I'm trying to developed the java code using RestTemplate which will connect to SSL protected site without cert verification i.e., insecure way looking at above CURL command.
So far I developed below code, but when I run I see following error coming.
public static void main(String[] args) {
HttpHeaders headers = new HttpHeaders();
headers.add("Accept", "application/json");
headers.add("Content-Type", MediaType.APPLICATION_FORM_URLENCODED.toString());
headers.add("Authorization", "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
String url = "https://XXXXXXXXXXXXXX:XXXX/token";
String data = "grant_type=password&username=XXXXX&password=XXXXX";
RestTemplate restTemplate = new RestTemplate();
HttpEntity<String> entity = new HttpEntity<String>(data,headers);
HttpEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println("RESPONSE : "+response.getBody());
}
The error I am facing. Please suggest how we can connect to SSL site insecure way, the same curl command does?
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://XXXXXXXXXXX:8243/token":java.security.cert.CertificateException: No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:448)
at com.java.wso2.TokenDemo.main(TokenDemo.java:74)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
... 3 more
How we can solve this error? Off-course my issue is not similar to javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
Upvotes: 6
Views: 15264
Answers (1)
Reputation: 46
API Manager 1.9.1 Support EOL Date was Aug 31, 2019, so if you haven't I strongly suggest you update to the latest version.
Normally you'll want to use http if you want the insecure address. In WSO2 https is configured to be secure and you can import the backend client certificate into the client trust store file using these the directions on Adding SSL Certificates to keystrokes page.
You may also find the Configure Keystores page to be of assistance.
Calling an HTTPS endpoint in an insecure way can lead to security vulnerabilities and is not a best practice.
Best of luck on your adventure!
Upvotes: 2
Related Questions
- Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
- How to fix the "java.security.cert.CertificateException: No subject alternative names present" error?
- Can't build Android App with Gradle
- Some clients accept SSL cert; others reject it
- How to get the same hostname that Java gets in this exception
- Java refusing certificate that browser accepts
- How to avoid java.security.cert.CertificateException with AuthorizeNet connection?
- soap client not able to access webservice with saml authentication over SSL enabled