CODEWITHSUNDEEP
javahttpsurlconnectionget-request
GohanCZ
GohanCZ

Reputation: 13

JAVA - No subject alternative names matching IP address

I am trying to use get request on site with REST API. However the link to acces it is an IP address and I am getting the No subject alternative names matching IP address error.

When I use the same exact link in browser, it works.

How can I solve this issue?

Below is my code:

public static void main(String[] args) {

    System.getProperties().put( "proxySet", "true" );
    System.getProperties().put( "socksProxyHost", "xxx.xxx.xxx.xxx" );
    System.getProperties().put( "socksProxyPort", "xxxx" );


    URL requestLink = ismTicketManager.UrlEncode.convertToURLEscapingIllegalCharacters("https://xx.xx.xx.xx/e/528f5016-6fd9-403f-85e4-5a54bb2498b9/api/v1/problem/feed?relativeTime=30mins&Api-Token=xxxxx");

    try {
        HttpURLConnection targetConn = (HttpURLConnection)requestLink.openConnection();
        targetConn.setRequestMethod("GET");
        System.out.println(targetConn.getResponseCode());
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("Connection failed");
    }

    static {
    HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("127.0.0.1"));
}

}

Now I am getting error:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The cacerts fiel list looks like this:

restapi, 25-Sep-2018, trustedCertEntry, Certificate fingerprint (SHA1): AB:6D:C6:2E:9F:B3:D9:48:1E:A9:84:AA:DD:03:64:1D:7C:08:42:CE

Thank you for your time.

Upvotes: 0

Views: 1673

Answers (1)

apgautham
apgautham

Reputation: 24

From the code, I see you are trying to use http connection object and hitting an https connection. Generally I won't recommend using httpconnection object since the security is highly compromised. It is always better to use httpsurlconnection object while working with https url which provides enhanced security features. For eg: you can set which truststore to use for certificate verfication and set an custom sslcontext to the connection. Also you can use an custom hostname verifier which would be triggered in case of any mismatch between domain and CN.

Upvotes: 0

Related Questions