java.security.cert.CertificateException: No subject alternative names present

背景:在开发一个项目中,要调用一个webservice服务,之前设置的是http协议,项目中采用jdk自带的wsimport工具生成的客户端代码;

后来,需求变更要求兼容https协议的webservice,开始以为只需要简单的将服务地址的连接改为https就可以了;但不行,总是报错

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
at javax.xml.ws.Service.<init>(Unknown Source)
at com.vrv.paw.client.area.VRVRange.<init>(VRVRange.java:48)
at com.vrv.paw.client.area.mainTest.main(mainTest.java:12)

然后就是这种百度查资料,查到以下解释

http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/

在开发设计中当我们在java中打开一个SSL连接(比如:java.net.URL.openConnection(“https://….”)),
JSSE实现的SSL协议执行一些验证以确保这个请求的主机不是假的。
这包括用PKIX算法验证服务器的X.509证书和检查主机名称与证书中的subject是否一致。
如果SSL证书不可信或与目标主机不匹配,HTTPS和SSL加密连接就不能建立并且抛出SSLHandshakeException 或 IOException By design when we open an SSL connection in Java (e.g. through java.net.URL.openConnection(“https://….”))
the JSSE implementation of the SSL protocol performs few validations to ensure the requested host is not fake.
This involves validation of the server’s  X.509 certificate with the PKIX algorithm and checking the host name agains the certificate subject.
If the SSL certificate is not validates as trusted or does not match the target host,
an HTTPS and other SSL encrypted connection cannot be established and all attempts will result in SSLHandshakeException or IOException.

总得来说就是要将SLL数据证书加入到ketstore中

也按照http://www.cnblogs.com/liaojie970/p/4919485.html总提到的方法生成了证书,并且在代码中

System.setProperty("javax.net.ssl.trustStore", "E:\\vrvcacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
package com.vrv.paw.client.area;public class mainTest {
public static void main(String[] args) {
System.setProperty("javax.net.ssl.trustStore", "E:\\vrvcacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
Gson gson = new Gson();
// 同步数据
VRVRange vrvRange = new VRVRange();
VRVRangeSoap vrvRangeSoap = vrvRange.getVRVRangeSoap();
String cString = vrvRangeSoap.login("admin", "123456");
System.out.println(cString);
}
}

问题依旧存在,最后没有办法,就尝试了在项目中新建wsdl文件,在Eclipse中右键该wsdl文件,web service-->Generate Client生成客户端,具体生成方式见这里

然后再次

package org.tempuri;
import java.rmi.RemoteException;
import javax.xml.rpc.ServiceException;public class TestClient {
public static void main(String[] args) {
try {
System.setProperty("javax.net.ssl.trustStore", "E:\\jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
Gson gson = new Gson();
VRVRange vrvRange = new VRVRangeLocator();
VRVRangeSoap vrvRangeSoap = vrvRange.getVRVRangeSoap();
String login = vrvRangeSoap.login("admin", "123456");
System.out.println(login);
} catch (ServiceException e) {
e.printStackTrace();
} catch (RemoteException e) {
e.printStackTrace();
}
}
}

结果成了。。。。

具体为什么wsimport生成的客户端代码不行,我也不知道,如果有哪位大神知道,请指教。

上一篇:微信小程序的那些坑


下一篇:微信小程序t填坑之旅一(接入)