Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
773 views
in Technique[技术] by (71.8m points)

ssl - How to bypass CertificateException by Java?

I am trying to send a request to a server but it runs into following error, as I know should create a certificate but not sure how to do it. I've found this answer but could not implement it.

java.security.cert.CertificateException: No subject alternative DNS name matching www.example.com found.

Code

        URL url = new URL("https://www.example.com:1897/services/myservice");

        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        con.setDoOutput(true);
        con.setDoInput(true);

        OutputStream os = con.getOutputStream();
        m.marshal(auth, os);
        m.marshal(auth, System.out);

        os.flush();
        con.getResponseCode();
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The server might be using a certificate that lacks the proper extensions. You can either disable host name verification (which creates a security problem), or install a proper certificate on the server (which might be difficult if it's not your server).

More specifically, I'd guess that either the server certificate contains a Subject Alternative Name extension, but that extension doesn't contain the host name of the server, or there is no SAN extension and the Common Name attribute of the Subject Name doesn't match the server. In either case, the solution would be to get a certificate with the correct server host name in the SAN extension.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...