猿问

如何解决“ java.security.cert.CertificateException:

我有一个Java Web服务客户端,它通过HTTPS使用Web服务。


import javax.xml.ws.Service;


@WebServiceClient(name = "ISomeService", targetNamespace = "http://tempuri.org/", wsdlLocation = "...")

public class ISomeService

    extends Service

{


    public ISomeService() {

        super(__getWsdlLocation(), ISOMESERVICE_QNAME);

    }

当我连接到服务URL(https://AAA.BBB.CCC.DDD:9443/ISomeService)时,出现异常java.security.cert.CertificateException: No subject alternative names present。


要修复它,我首先运行openssl s_client -showcerts -connect AAA.BBB.CCC.DDD:9443  > certs.txt并在file中得到以下内容certs.txt:


CONNECTED(00000003)

---

Certificate chain

 0 s:/CN=someSubdomain.someorganisation.com

   i:/CN=someSubdomain.someorganisation.com

-----BEGIN CERTIFICATE-----

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

-----END CERTIFICATE-----

---

Server certificate

subject=/CN=someSubdomain.someorganisation.com

issuer=/CN=someSubdomain.someorganisation.com

---

No client certificate CA names sent

---

SSL handshake has read 489 bytes and written 236 bytes

---

New, TLSv1/SSLv3, Cipher is RC4-MD5

Server public key is 512 bit

Compression: NONE

Expansion: NONE


AFAIK,现在我需要


提取的部分certs.txt之间-----BEGIN CERTIFICATE-----和-----END CERTIFICATE-----,

对其进行修改,以使证书名称等于AAA.BBB.CCC.DDD和

然后使用导入结果keytool -importcert -file fileWithModifiedCertificate(fileWithModifiedCertificate操作1和2的结果在哪里)。

这个对吗?


如果是这样,我如何才能使第1步中的证书与基于IP的地址(AAA.BBB.CCC.DDD)一起使用?


慕侠2389804
浏览 2748回答 3
3回答
随时随地看视频慕课网APP
我要回答