SSL - SSLHandshakeException: No subject alternative names matching IP address found
1. Exception log
javax.net.ssl.SSLHandshakeException:
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 110.75.244.16 found
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 12 more
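2. Code that triggers the exception
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class SslHandshakeExc_NsanMatchingIp {
    public static void main(String[] args) throws Exception {
        // The URL uses the IP address instead of the host name
        URL url = new URL("https://110.75.244.16/gateway.do"); // openapi.alipay.com
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.connect(); // the handshake fails here with SSLHandshakeException
        InputStream is = conn.getInputStream();
        BufferedReader br = new BufferedReader(new InputStreamReader(is));
        String line;
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }
        br.close();
        is.close();
    }
}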
3. Workaround
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public class SslHandshakeExc_NsanMatchingIp {
    public static void main(String[] args) throws Exception {
        URL url = new URL("https://110.75.244.16/gateway.do"); // openapi.alipay.com
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Added part
        conn.setHostnameVerifier(new SslHandshakeExc_NsanMatchingIp().new TrustAnyHostnameVerifier());
        conn.connect();
        InputStream is = conn.getInputStream();
        BufferedReader br = new BufferedReader(new InputStreamReader(is));
        String line;
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }
        br.close();
        is.close();
    }

    // Custom verifier: returns true for every host name, so the name check
    // against the certificate is skipped for this connection
    public class TrustAnyHostnameVerifier implements HostnameVerifier {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }
}
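4. Supplementary notes
When establishing an SSL connection, HttpsClient performs basic server identity verification to prevent URL spoofing, which includes verifying that the server's name is in the certificate.
HttpsClient mainly uses HostnameChecker to check the host name against the names specified in the certificate. If that check fails, HostnameVerifier comes into play and is used to verify the host name.
When HostnameVerifier has not been overridden, this verification fails by default, which means the exception is thrown as soon as HostnameChecker fails.
In the HostnameChecker implementation, if the host name passed in is an IP address, the matchIP method searches the available subject alternative name entries for one that matches the IP address, and throws CertificateException when no entry matches the IP address.
So, to connect using an IP address as the host name, the certificate should contain an entry that matches that IP address.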
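The entry matching described above, as an added example that is not code from the original post: a verifier that, instead of accepting every host, accepts the IP-addressed connection only when the certificate's SAN entries cover one DNS name the caller expects. `ExpectedNameVerifier`, `sanMatches` and the sample SAN list are hypothetical names and constructed data; only SAN entries are checked, with no fallback to the subject CN.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

// Added example (hypothetical class): accepts a connection made by IP address only
// if the certificate's SAN dNSName entries cover the one DNS name the caller expects.
public class ExpectedNameVerifier implements HostnameVerifier {
    static final int DNS_NAME = 2;   // SAN entry type dNSName
    static final int IP_ADDRESS = 7; // SAN entry type iPAddress
    private final String expectedName;
    public ExpectedNameVerifier(String expectedName) { this.expectedName = expectedName; }

    // urlHost (the IP from the URL) is ignored on purpose: the certificate is
    // checked against the DNS name the caller intended to reach.
    @Override
    public boolean verify(String urlHost, SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return sanMatches(leaf.getSubjectAlternativeNames(), DNS_NAME, expectedName);
        } catch (Exception e) {
            return false; // no peer certificate or unparsable SAN extension: reject
        }
    }

    // True if any SAN entry of the given type matches the wanted value.
    static boolean sanMatches(Collection<List<?>> sans, int type, String wanted) {
        if (sans == null) return false; // certificate has no SAN extension
        int dot = wanted.indexOf('.');
        for (List<?> entry : sans) {
            if (!Integer.valueOf(type).equals(entry.get(0))) continue;
            String value = String.valueOf(entry.get(1));
            if (value.equalsIgnoreCase(wanted)) return true;
            // dNSName wildcard "*.example.com" covers exactly one leftmost label
            if (type == DNS_NAME && value.startsWith("*.") && dot > 0
                    && wanted.substring(dot).equalsIgnoreCase(value.substring(1))) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed SAN list in the shape getSubjectAlternativeNames() returns.
        List<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(DNS_NAME, "*.example.com"));
        System.out.println("IP SAN 192.0.2.10: " + sanMatches(sans, IP_ADDRESS, "192.0.2.10"));
        System.out.println("api.example.com: " + sanMatches(sans, DNS_NAME, "api.example.com"));
        System.out.println("a.b.example.com: " + sanMatches(sans, DNS_NAME, "a.b.example.com"));
    }
}
```

In the code from section 3 it would replace the trust-any verifier as `conn.setHostnameVerifier(new ExpectedNameVerifier("openapi.alipay.com"))`, assuming the certificate served at that address is issued for the name given in the code comment.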