Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

javax.net.ssl.SSLException: Certificate for <> doesn't match any of the subject alternative names: []

When I try to Hit the URL using Postman it works fine,by using my personal cert.But when I tried the same using Rest Assured test case it is throwing the above exception.

Configuration Class

public class Configuration {

    protected SSLConfig config = null;
    private static final Logger LOG = LoggerFactory.getLogger(Configuration.class);

    @SuppressWarnings("deprecation")
    @BeforeClass
    public void setKeystore()

    {
        KeyStore keyStore = null;

        KeyStore trustStore = null;
        try {
            String certPassword = System.getProperty("certPassword");
            String certPath = System.getProperty("certPath");

            String trustStorePassword = System.getProperty("trustStorePassword");
            String trustStorePath = System.getProperty("trustStorePath");
            Validate.notNull(certPath, "Path to Certificate on the file system cannot be null");
            Validate.notEmpty(certPassword, "Password cannot be empty");
            Validate.notNull(trustStorePath, "Path to trustStore on the file system cannot be null");
            Validate.notEmpty(trustStorePassword, "TrustStore Password cannot be empty");

            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(certPath), certPassword.toCharArray());
            trustStore = KeyStore.getInstance("JKS");
            trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());

            if (keyStore != null) {

                org.apache.http.conn.ssl.SSLSocketFactory clientAuthFactory = new org.apache.http.conn.ssl.SSLSocketFactory(
                        keyStore, certPassword, trustStore);
                config = new SSLConfig().with().sslSocketFactory(clientAuthFactory).and().allowAllHostnames();

            }
            EnvironmentConstants.getEnvironment();

        } catch (Exception e) {
            LOG.error("Error while loading keystore");
            e.printStackTrace();
        }
    }

    @BeforeTest
    public Properties loadproperties() {

        InputStream input = getClass().getClassLoader().getResourceAsStream("errorMessages.properties");
        Properties properties = new Properties();
        try {
            properties.load(input);
        } catch (IOException e) {
            e.printStackTrace();
        }
        return properties;
    }

}
like image 931
Rocky4Ever Avatar asked Jul 20 '17 20:07

Rocky4Ever


2 Answers

This issue is because of,our company configured new servers ,but did not included DNS in server cert.So my company include server names in cert.Now it is working.

like image 173
Rocky4Ever Avatar answered Sep 22 '22 07:09

Rocky4Ever


According to RFC 2818 (the HTTPS specification):

If the hostname is available, the client MUST check it against the server's identity as presented in the server's Certificate message, in order to prevent man-in-the-middle attacks... If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

You should generate certificate with SAN extension containing all hostnames where you're planning to use the certificate:

keytool -genkeypair \
    -keystore server-keystore.pkcs12 \
    -deststoretype pkcs12 \
    -dname "CN=mydomain.local" \
    -keypass changeit \
    -storepass changeit \
    -keyalg RSA \
    -validity 1825 \
    -keysize 4096 \
    -alias mydomain.local \
    -ext SAN=dns:mydomain.local,dns:mydomain.dev,dns:mydomain.test,dns:localhost
like image 42
Konstantin Pavlov Avatar answered Sep 23 '22 07:09

Konstantin Pavlov