SSL - SSLHandshakeException: No subject alternative names matching IP address found
一、異常日誌
javax.net.ssl.SSLHandshakeException:
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 110.75.244.16 found
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 12 more
二、異常程式碼
public class SslHandshakeExc_NsanMatchingIp{
public static void main(String[] args) throws Exception {
URL url = new URL("https://110.75.244.16/gateway.do"); // openapi.alipay.com
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.connect();
InputStream is = conn.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(is));
String line;
while ((line = br.readLine()) != null) {
System.out.println(line);
}
br.close();
is.close();
}
}
三、處理方案
public class SslHandshakeExc_NsanMatchingIp{
public static void main(String[] args) throws Exception {
URL url = new URL("https://110.75.244.16/gateway.do"); // openapi.alipay.com
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
// 新增部分
conn.setHostnameVerifier(new SslHandshakeExc_NsanMatchingIp().new TrustAnyHostnameVerifier());
conn.connect();
InputStream is = conn.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(is));
String line;
while ((line = br.readLine()) != null) {
System.out.println(line);
}
br.close();
is.close();
}
// 定製Verifier
public class TrustAnyHostnameVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
}
四、補充說明
在建立 SSL 連線時,HttpsClient 步驟並進行基本的伺服器身份驗證,以防止 URL 欺騙,其中包括驗證伺服器的名稱是否在證照中
HttpsClient 主要使用 HostNameChecker 檢查主機名和證照中指定的名稱。如果失敗了,HostNameVerifier 就會出現,它被用來驗證主機名
在 HostNameVerifier 沒有被重寫時,預設是這個驗證是錯誤的,也就意味著 HostNameChecker 失敗後就會丟擲這個異常
HostNameChecker 在實現上,如果傳入的主機名是 IP 地址,將由 matchIP 方法在可用的條目中搜尋IP地址對應的名稱,同時在沒有條目可以提供和IP地址匹配的名稱時丟擲 CertificateException 異常
所以,如果想通過使用 IP 作為主機名連線,證照中應該包含名稱和與其匹配的 IP 地址這個條目
相關文章
- SSL - SSLHandshakeException: No subject alternative names presentException
- JDK安全證書一個錯誤訊息 No subject alternative names presentJDK
- 【java細節】Java程式碼忽略https證照:No subject alternative names presentJavaHTTP
- SSL - SSLHandshakeException: Unrecognized SSL message, plaintext connection?ExceptionZedAI
- SSL - SSLHandshakeException: unable to find valid certification path to requested targetException
- 解決 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExceptionJavaException
- Java Get local IP addressJava
- How to update the IP address of the SCAN VIP
- 急!!Error Parsing EJB file: Finder found in DD with no matching method.Error
- javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 解決方案JavaExceptionAI
- [LeetCode] Validate IP AddressLeetCode
- cluster-wide IP address managementIDE
- IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokensExceptionHTTP
- 開發:異常收集之 expected single matching bean but found 2Bean
- IP SSL證書是什麼意思 如何申請IP SSL證書
- LangChain AlternativeLangChain
- IP address could not be resolved: Temporary failure in name resolutionAI
- ip ssl證書基本介紹
- Spring 異常關鍵字 no matching editors or conversion strategy found 解決方法Spring
- EMC儲存=》Hosts=》Name,IP Address 漂移問題
- 哪些IP SSL證書支援IP地址https加密呢?HTTP加密
- ssh 遠端登入報錯:Unable to negotiate with IP port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss 解決辦法Go
- 為IP地址簽發SSL證書
- Oracle 12.2 RAC修改public ip address或public ip(subnet (netmask) or interface)Oracle
- RxSwift 之 SubjectSwift
- Oracle *namesOracle
- How to check EMC Celerra Control Station ip address.
- RxJava 系列-3:使用 SubjectRxJava
- 【TCP/IP的狀態圖解決Cannot assign requested address】TCP圖解
- 如何獲得server端和client端ip address和host name!Serverclient
- IP SSL證書申請條件及流程
- 7-Overview-namesView
- 內網IP地址可以申請SSL證書嗎?內網
- SSL證書繫結域名還是繫結IP?
- RxJava2 系列-3:使用 SubjectRxJava
- 關於“INS-40922 Invalid Scan Name – Unresolvable to IP address”
- OMS to Agent Comm Fails if IP Address of the Grid Ag Machine is Changed-605009.1AIMac
- vmware server 虛擬機器修改VMnet8的Gateway IP AddressServer虛擬機Gateway