找不到与 www.billiving.com 匹配的主题备用 DNS 名称。为什么会这样,如何解决?
No subject alternative DNS name matching www.billiving.com found. Why this caused and how to solve?
我有 www.billiving.com API 的集成测试套件。当那个 API 调用端点应该是 https://www.billiving.com.
我的测试套件在 windows 上运行完美。然而,当它移动到 ubuntu 14.x 时,它会失败并出现以下异常。 [1]
所以我编写了此 [2] 代码以在测试套件之外对其进行测试。仍然失败并出现相同的异常。
所以我尝试将 billiving.com 证书导入 JKS,但仍然失败并出现同样的异常。
我知道作为解决方案,我们可以将 Verifier class 和 return 中的验证方法重写为 true。但我需要适当的解决方案,因为这会导致安全问题。
1) 为什么会出现这个错误,为什么它只出现在 linux.
2) 我们怎样才能用合适的方法解决这个问题
APIURL:
https://www.billiving.com/
[1] 异常:
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found. at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
> at
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
> at Application.main(Application.java:20) Caused by:
> java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found. at
> sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
[2] 示例代码:
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
public class Application {
public static void main(String[] args) {
URL url;
try {
url = new URL(args[0]);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setInstanceFollowRedirects(false);
connection.setRequestMethod("GET");
if (connection.getResponseCode() >= 400) {
System.out.println("ERROR "+ connection.getResponseCode());
} else {
System.out.println("Success");
}
System.out.println("Connection Crated");
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
使用以上代码的命令:
java Application https://www.billiving.com
该站点的真实证书具有正确的主机名。但是只有在使用 SNI (Server Name Indication) 时才能获得此证书。较旧的 Java 版本不支持 SNI(应该从 Java 7 开始支持),因此您可能需要升级 未指定 版本。
我有 www.billiving.com API 的集成测试套件。当那个 API 调用端点应该是 https://www.billiving.com.
我的测试套件在 windows 上运行完美。然而,当它移动到 ubuntu 14.x 时,它会失败并出现以下异常。 [1]
所以我编写了此 [2] 代码以在测试套件之外对其进行测试。仍然失败并出现相同的异常。
所以我尝试将 billiving.com 证书导入 JKS,但仍然失败并出现同样的异常。
我知道作为解决方案,我们可以将 Verifier class 和 return 中的验证方法重写为 true。但我需要适当的解决方案,因为这会导致安全问题。
1) 为什么会出现这个错误,为什么它只出现在 linux.
2) 我们怎样才能用合适的方法解决这个问题
APIURL: https://www.billiving.com/
[1] 异常:
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found. at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
> at
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
> at Application.main(Application.java:20) Caused by:
> java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found. at
> sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
[2] 示例代码:
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
public class Application {
public static void main(String[] args) {
URL url;
try {
url = new URL(args[0]);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setInstanceFollowRedirects(false);
connection.setRequestMethod("GET");
if (connection.getResponseCode() >= 400) {
System.out.println("ERROR "+ connection.getResponseCode());
} else {
System.out.println("Success");
}
System.out.println("Connection Crated");
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
使用以上代码的命令:
java Application https://www.billiving.com
该站点的真实证书具有正确的主机名。但是只有在使用 SNI (Server Name Indication) 时才能获得此证书。较旧的 Java 版本不支持 SNI(应该从 Java 7 开始支持),因此您可能需要升级 未指定 版本。