无法为Java应用程序安装SSL证书

Question

Am bit similar situation as explained in this question. I also have a WSDL at a particular link. When I open that link I get the There is a problem with this website's security certificate... error in IE. When I click continue it opens up WSDL file.

Now I am writing a client for this webservice in Java. And it throws following exception:

Exception in thread "main" com.sun.xml.internal.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.

java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names matching IP address 172.17.245.196 found while opening stream from https://172.17.245.196/ews/Services.wsdl
java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names matching IP address 172.17.245.196 found while opening stream from https://172.17.245.196/ews/Services.wsdl?wsdl
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown Source)
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)    
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
    at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
    at javax.xml.ws.Service.<init>(Unknown Source)
    at com.microsoft.schemas.exchange.services._2006.messages.ExchangeWebService.<init>(ExchangeWebService.java:58)
    at com.xyz.cms.EWSJavaAPI.ExchangeAuthenticator.getExchangeServicePort(ExchangeAuthenticator.java:32)
    at com.xyz.cms.test.ExchangeDevelopmentTest.main(ExchangeDevelopmentTest.java:31)

So I guess it is related to resolving certificates and since the guy on the said thread got similar exception, I am trying out the solution suggested there - downloading and adding the certificate to the private using keytool.exe , though I really dont think I have completely understood this certificate stuff and also keytool .

So I

• Downloaded the certificate by visiting the link in browser and then copy pasted it in app directory in eclipse.
• Also I copy pasted $JAVA_HOME/lib/security/cacerts to my app directory. So by now my app hierarchy looks something like this in eclipse:
• Then opened command prompt and navigated to the app directory.
• Finally executed the command (as suggested in that thread). It gave me following output. It gave me following output

However it is giving me exactly the same exception. What should I do?

Edit

Well this is my effort to write java client for Exchange Web Services. Their is ExchangeAuthenticator which manages web services authentication requests to the Exchange and ExchangeDevelopmentTest which contains main method to test functionality of above class. a Here is the code:

ExchangeAuthenticator

public class ExchangeAuthenticator {    
/**
 * Obtains an authenticated ExchangeServicePortType with given credentials.
 *     
 */
    public ExchangeServicePortType getExchangeServicePort(String username, String password, String domain, URL wsdlURL) throws MalformedURLException {
        // Concatinate our domain and username for the UID needed in authentication.
        String uid = "domain" + "\\" + "uname";

        // Create an ExchangeWebService object that uses the supplied WSDL file, wsdlURL.
        ExchangeWebService exchangeWebService = new ExchangeWebService(wsdlURL, new QName("<a href=\"http://schemas.microsoft.com/exchange/services/2006/messages\">http://schemas.microsoft.com/exchange/services/2006/messages</a>", "ExchangeWebService"));
        ExchangeServicePortType port = exchangeWebService.getExchangeWebPort();
        // Supply your username and password when the ExchangeServicePortType is used for binding in the SOAP request.
        ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, uid);
        ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);

        return port;
    }
}

ExchangeDevelopmentTest

public class ExchangeDevelopmentTest {    
    public static void main (String[] args) {
        ExchangeAuthenticator exchangeAuthenticator = new ExchangeAuthenticator();

        // Print statement so we can easily see where our statements start in the Java console.
        System.out.println("Let's get started!");

        try {
            // Create a URL object which points at the .wsdl we deployed in the previous step.
            URL wsdlURL = new URL("https://172.17.245.196/ews/Services.wsdl");
            //URL wsdlURL = new URL("<a href=\"https://172.17.245.196/ews/Services.wsdl\">https://172.17.245.196/ews/Services.wsdl</a>");
            // Call to the class we just created to return an ExchangeServicePortType with authentication credentials.
            ExchangeServicePortType port = exchangeAuthenticator.getExchangeServicePort("uname", "password@123", "domain", wsdlURL);

            // Prints out the default toString() for the ExchangeServicePortType.
            System.out.println(port.toString());
        } catch (MalformedURLException ex) {
            // Catch any errors that may occur.
            Logger.getLogger(ExchangeDevelopmentTest.class.getName()).log(Level.SEVERE, null, ex);
            System.out.println(ex.getMessage()+"\n"+ex.getStackTrace());
        }
    }
}

Answer 1

The problem is that your certificate is not issued for 172.17.245.196 IP address, so the client used to parse WSDL does not trust it. That IP address shall be in subject field of the certificate.

Is your certificate trusted by official certification authority or is it self signed? Probably you will need Java to trust it. Add it to keystore and then set system properties:

System.setProperty("javax.net.ssl.keyStore", "lfkeystore2");
System.setProperty("javax.net.ssl.keyStorePassword", "wshr.ut");