
SSLHandshakeException: No subject alternative names present

I am invoking an HTTPS SOAP web service through Java code. I have already imported the self-signed certificate into the JRE cacerts keystore. Now I am getting:

com.sun.xml.internal.ws.com.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present 

The hostname of the service URL does not match the CN provided in the cert. I read about a workaround of defining a custom hostname verifier here. But I am not able to make out where I should implement the workaround in my code.

```java
public SOAPMessage invokeWS(WSBean bean) throws Exception {

    SOAPMessage response = null;
    try {
        /** Create a service and add at least one port to it. **/
        String targetNameSpace = bean.getTargetNameSpace();
        String endpointUrl = bean.getEndpointUrl();
        QName serviceName = new QName(targetNameSpace, bean.getServiceName());
        QName portName = new QName(targetNameSpace, bean.getPortName());
        String SOAPAction = bean.getSOAPAction();
        HashMap<String, String> map = bean.getParameters();

        Service service = Service.create(serviceName);
        service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointUrl);

        /** Create a Dispatch instance from a service. **/
        Dispatch<SOAPMessage> dispatch = service.createDispatch(portName, SOAPMessage.class,
                Service.Mode.MESSAGE);

        // The soapActionUri is set here, otherwise we get an error on .NET-based
        // services.
        dispatch.getRequestContext().put(Dispatch.SOAPACTION_USE_PROPERTY,
                Boolean.TRUE);
        dispatch.getRequestContext().put(Dispatch.SOAPACTION_URI_PROPERTY,
                SOAPAction);

        /** Create SOAPMessage request. **/
        // compose a request message
        MessageFactory messageFactory = MessageFactory.newInstance();
        SOAPMessage message = messageFactory.createMessage();

        // Create objects for the message parts
        SOAPPart soapPart = message.getSOAPPart();
        SOAPEnvelope envelope = soapPart.getEnvelope();
        SOAPBody body = envelope.getBody();

        SOAPElement bodyElement = body.addChildElement(bean.getInputMethod(),
                bean.getPrefix(), bean.getTargetNameSpace());

        // ...more code to form soap body goes here

        // Print request
        message.writeTo(System.out);

        // Save the message
        message.saveChanges();

        response = dispatch.invoke(message);
    }
    catch (Exception e) {
        log.error("Error in invokeSiebelWS :" + e);
    }
    return response;
}
```

Please ignore the WSBean parameter, as the namespaces and other WSDL attributes are coming from this bean. And if this exception can be solved with some different workarounds, please do suggest.

shashankaholic asked Apr 21 '12 10:04


People also ask

How do I fix No Subject Alternative DNS name matching?

Resolving the problem: in order to resolve the issue, either: regenerate the LDAP server certificate so that the certificate's subject alternate name or certificate's subject name matches the hostname of the LDAP server.

What is subject alternative name in certificate?

The Subject Alternative Name (SAN) is an extension to the X.509 specification that allows users to specify additional host names for a single SSL certificate. The use of the SAN extension is standard practice for SSL certificates, and it's on its way to replacing the use of the common name.

How do I add a Subject Alternative Name to a certificate?

To add a Subject Alternative Name: select SSL Certificates and then select Manage for the certificate you want to change. Select Change Subject Alternative Names. For Add a domain, enter the SAN you want to add and then select Add.

What is java security cert CertificateException?

The “java.security.cert.CertificateException: No subject alternative names present” exception is thrown when you are trying to make a secure connection over SSL and the hostname you are trying to connect to is not valid when compared to the SSL certificate of the server.


1 Answer

Thanks, Bruno, for giving me the heads-up on Common Name and Subject Alternative Name. As we figured out, the certificate was generated with a CN containing the DNS name of the network, and we asked for regeneration of a new certificate with a Subject Alternative Name entry, i.e. san=ip:10.0.0.1, which is the actual solution.

But we managed to find a workaround with which we are able to run in the development phase. Just add a static block in the class from which we are making the SSL connection.

```java
static {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            // IP address of the service URL (like 23.28.244.244)
            if (hostname.equals("23.28.244.244"))
                return true;
            return false;
        }
    });
}
```

If you happen to be using Java 8, there is a much slicker way of achieving the same result:

```java
static {
    HttpsURLConnection.setDefaultHostnameVerifier(
            (hostname, session) -> hostname.equals("127.0.0.1"));
}
```
shashankaholic answered Oct 10 '22 00:10
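An added example, not part of the original answer and not the JDK's own code: a simplified model of the endpoint identity check, showing why a CN-only certificate fails for an IP-literal URL and why regenerating it with san=ip:10.0.0.1 fixes the handshake. The class name `SanCheck`, the method `check` and the CN value are hypothetical; the SAN collection has the shape returned by `X509Certificate.getSubjectAlternativeNames()`.

```java
import java.util.*;

// Simplified model of the hostname check done during the TLS handshake
// (added example; IPv4 literals only, no wildcard handling).
public class SanCheck {
    static final int DNS_NAME = 2, IP_ADDRESS = 7;   // GeneralName types (RFC 5280)

    // sans: null when the certificate has no SAN extension, else [type, value] pairs,
    // i.e. the shape returned by X509Certificate.getSubjectAlternativeNames().
    static String check(String host, Collection<List<?>> sans, String cn) {
        boolean ipLiteral = host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        if (ipLiteral) {
            // An IP-literal host is matched only against iPAddress SANs; the CN is never used.
            if (sans == null) return "FAIL: No subject alternative names present";
            for (List<?> san : sans)
                if ((Integer) san.get(0) == IP_ADDRESS && host.equals(san.get(1)))
                    return "OK: matched iPAddress SAN";
            return "FAIL: no iPAddress SAN equals " + host;
        }
        boolean sawDns = false;
        if (sans != null)
            for (List<?> san : sans)
                if ((Integer) san.get(0) == DNS_NAME) {
                    sawDns = true;
                    if (host.equalsIgnoreCase((String) san.get(1)))
                        return "OK: matched dNSName SAN";
                }
        // The CN is consulted only when the certificate carries no dNSName SAN at all.
        if (!sawDns && host.equalsIgnoreCase(cn)) return "OK: matched CN (fallback)";
        return "FAIL: no name matching " + host;
    }

    public static void main(String[] args) {
        // Constructed inputs: a CN-only certificate as in the question,
        // then the regenerated certificate with san=ip:10.0.0.1.
        String cn = "soap.dev.example";              // hypothetical CN
        List<?> ipSan = Arrays.asList(IP_ADDRESS, "10.0.0.1");
        Collection<List<?>> regenerated = Arrays.<List<?>>asList(ipSan);

        System.out.println(check("10.0.0.1", null, cn));          // URL uses the IP, cert has CN only
        System.out.println(check("soap.dev.example", null, cn));  // URL uses the DNS name
        System.out.println(check("10.0.0.1", regenerated, cn));   // regenerated certificate
    }
}
```

To inspect a real certificate, pass the result of `getSubjectAlternativeNames()` from the server's `X509Certificate` as the `sans` argument.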