本地主机上的SSL证书不起作用
[英]SSL certificate on localhost not working
问题描述
I am facing an exception while accessing https URLs through java code. 
通过Java代码访问https URL时遇到异常。 When I try to access, I get the following exception: 当我尝试访问时,出现以下异常:
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
... 131 more
Caused by: java.security.cert.CertificateException: No name matching localhost found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
I tried to generate SSL certificate using the below command : 我尝试使用以下命令生成SSL证书:
./jdk1.8/bin/keytool -genkey -keystore /srv/jakarta/.keystore -alias ALIAS \
-keyalg RSA -keysize 4096 -validity 720
Enter keystore password: # well, enter something
Re-enter new password: # same as above
What is your first and last name?
[Unknown]: localhost # !!! IMPORTANT this is the domain name, NOT YOUR name
What is the name of your organizational unit?
[Unknown]: # enter something or leave empty
What is the name of your organization?
[Unknown]: # enter something or leave empty
What is the name of your City or Locality?
[Unknown]: # enter something or leave empty
What is the name of your State or Province?
[Unknown]: # enter something or leave empty
What is the two-letter country code for this unit?
[Unknown]: # enter something or leave empty
Is CN=example com, OU=Foo, O=Bar, L=City, ST=AA, C=FB correct?
[no]: yes
Enter key password for <lea-prod>
(RETURN if same as keystore password): # Press RETURN
and with below tomcat/server.xml configuration : 并使用以下tomcat / server.xml配置:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="ALIAS" keystoreFile="/srv/jakarta/.keystore"
keystorePass="PW from step 1" />
However, its still not working and I am facing the same error. 但是,它仍然无法正常工作,我正面临着同样的错误。
Is there any way I can resolve this ? 有什么办法可以解决这个问题? Thanks 谢谢
2 个解决方案
解决方案1
4 2017-08-01 13:39:37
Well, it's exactly as the error message suggets. 好吧,这正是错误消息的提示。 You certificate was issued on the common name example.com . 您的证书是在通用名称example.com上颁发的。 However, you entered localhost as your server's name in your address bar. 但是,您在地址栏中输入了localhost作为服务器名称。 These two don't match, obviously. 显然,这两个不匹配。 You should change your certificates common name (CN) to localhost as well, ie regenerate the certificate as you already did but with the correct name localhost . 您还应该将证书公用名(CN)也更改为localhost ,即,像已经做的那样使用正确的名称localhost重新生成证书。
In a next step you then need to import that certificate into your browser's certificate store. 然后,下一步需要将该证书导入浏览器的证书存储中。 But this is another topic. 但这是另一个话题。 The exception should be gone after you correct your certificate's common name. 更正证书的公用名后,该异常应消失。
解决方案2
0 2017-08-01 16:34:37
I believe you are trying to access a service hosted on HTTPS protocol. 我相信您正在尝试访问以HTTPS协议托管的服务。 In such case you will need to get the certificate of the website / service and add it to your java keystore. 在这种情况下,您将需要获取网站/服务的证书并将其添加到Java密钥库中。 This is the way you should use certificates in production code 这是您应该在生产代码中使用证书的方式
Alternatively you can override the HostNameVerifier class to suppress any errors and set it up in your java SSL context to ignore any errors. 或者,您可以重写HostNameVerifier类以抑制任何错误,并在Java SSL上下文中对其进行设置以忽略任何错误。 Ideally one would user suppression of check in testing code or when SSL certificates is unavailable. 理想情况下,将禁止用户禁止签入测试代码或当SSL证书不可用时。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.