java - I am struggling with a CertificateException. How do I generate a certificate with subject alternative names

Tags: java ssl cas

The stack trace is:

Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[na:1.8.0_65]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_65]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_65]

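The solution is: your certificate should include that IP value as a subject alternative name value (of type IPAddress: key=7). But how do I include the IP value as a subject alternative name value when generating the certificate?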

Best answer

I would try using openssl. Check this URL and you will find what you need. opensslSAN.

Take a look at this part of the text:

"So by using the common syntax for OpenSSL subject written via command line you need to specify all of the above (the OU is optional) and add another section called subjectAltName=. By adding DNS.n (where n is a sequential number) entries under the "subjectAltName" field you'll be able to add as many additional "alternate names" as you want, even not related to the main domain. Obviously the first-level parent domain will be covered by most SSL products, unless specified differently. So here's an example to generate a certificate"

openssl req -new -key endpoint.com.key -sha256 -nodes -subj '/C=US/ST=New York/L=New York/O=End Point/OU=Hosting Team/CN=www.endpoint.com/emailAddress=administrative-not-existent-address@our-awesome-domain.com/subjectAltName=DNS.1=endpoint.com' > www.endpoint.com.csr
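
Added example (not part of the original answer or of the quoted blog post): when a Java client connects by IP address, HostnameChecker.matchIP only looks at iPAddress (type 7) entries in the subjectAltName extension, so the certificate needs that entry as a real X.509 v3 extension. The script below generates a self-signed certificate with an IP SAN from an OpenSSL config file and checks that the entry is present; 192.0.2.10, server.example.test, the function names and the file names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: self-signed certificate with an IP-address SAN.
# 192.0.2.10, server.example.test and all file names are placeholders.

# make_san_cert DIR IP DNS -> writes DIR/server.key and DIR/server.crt
make_san_cert() {
    dir=$1; ip=$2; dns=$3
    # The SAN has to be an X.509 v3 extension, so it is declared in an
    # extension section of the config rather than inside the subject DN.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_san
prompt = no

[dn]
CN = $dns

[v3_san]
subjectAltName = @alt_names

[alt_names]
IP.1 = $ip
DNS.1 = $dns
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# list_sans CERT -> prints one SAN entry per line, e.g. "IP Address:192.0.2.10"
list_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# has_san CERT ENTRY -> succeeds only if ENTRY is an exact SAN entry
has_san() {
    list_sans "$1" | grep -qxF "$2"
}
```

Being self-signed, the resulting server.crt still has to be imported into the Java client's truststore before the handshake will succeed.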

Regarding "java - I am struggling with a CertificateException. How do I generate a certificate with subject alternative names", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/34735621/
