错误信息:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Alerts.java:
192
)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1949
)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:
302
)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:
296
)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1509
)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:
216
)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:
979
)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:
914
)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
1062
)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1375
)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1403
)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1387
)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:
559
)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:
185
)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:
1283
)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:
1258
)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:
250
)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:
104
)
...
39
more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:
144
)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:
93
)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:
455
)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:
436
)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:
200
)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:
124
)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1491
)
...
52
more
|
http请求错误:
|
1
2
3
4
5
|
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xxx.xxx.xxx found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:
174
)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1747
)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
241
)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
235
)
|
后来发现不能使用IP调用https的webservice接口,解决办法:
1.使用域名访问
2.忽略SSL证书,代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
package
com.sojson.www.zhanzhang.utils;
import
java.security.cert.CertificateException;
import
java.security.cert.X509Certificate;
import
javax.net.ssl.HostnameVerifier;
import
javax.net.ssl.HttpsURLConnection;
import
javax.net.ssl.SSLContext;
import
javax.net.ssl.SSLSession;
import
javax.net.ssl.TrustManager;
import
javax.net.ssl.X509TrustManager;
public
class
SslUtils {
private
static
void
trustAllHttpsCertificates()
throws
Exception {
TrustManager[] trustAllCerts =
new
TrustManager[
1
];
TrustManager tm =
new
miTM();
trustAllCerts[
0
] = tm;
SSLContext sc = SSLContext.getInstance(
"SSL"
);
sc.init(
null
, trustAllCerts,
null
);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static
class
miTM
implements
TrustManager,X509TrustManager {
public
X509Certificate[] getAcceptedIssuers() {
return
null
;
}
public
boolean
isServerTrusted(X509Certificate[] certs) {
return
true
;
}
public
boolean
isClientTrusted(X509Certificate[] certs) {
return
true
;
}
public
void
checkServerTrusted(X509Certificate[] certs, String authType)
throws
CertificateException {
return
;
}
public
void
checkClientTrusted(X509Certificate[] certs, String authType)
throws
CertificateException {
return
;
}
}
/**
* 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
* @throws Exception
*/
public
static
void
ignoreSsl()
throws
Exception{
HostnameVerifier hv =
new
HostnameVerifier() {
public
boolean
verify(String urlHostName, SSLSession session) {
return
true
;
}
};
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
}
|
参考:http://www.sojson.com/blog/195.html