I am attempting to convert a http webservice to https. I added the tags to the webservice.
@SecurityDomain(value = "jboss-ssl")
and
@WebContext(contextRoot="/path/one", // already here
urlPattern="/X", // already here
authMethod = "CLIENT-CERT", // added
transportGuarantee = "CONFIDENTIAL") // added
But when my client trys to connect to https://hostname:80/path/to/ws
I get an exception:
Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname>
.
( entire thing shown below). I suspect that this has to do with the certificate that is being used. I think that I need to use the java keytool to resolve this. If someone could verify for me it would be greatly appreciated.
javax.xml.soap.SOAPException: java.io.IOException: Could not transmit message
at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:115)
at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
at com.alcatel.tpapps.common.utils.SOAPClient.execute(SOAPClient.java:146)
at com.alcatel.tpapps.common.utils.SOAPClient.main(SOAPClient.java:233)
Caused by: java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:192)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
... 3 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker. HTTPS hostname wrong: should be <hostname>.
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:368)
at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:148)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:141)
at org.jboss.remoting.Client.invoke(Client.java:1858)
at org.jboss.remoting.Client.invoke(Client.java:718)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:171)
... 5 more
Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname>
at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:288)
... 10 more
I tried the following but it had no effect on the exception:
hostname[username:/path/two/path][525]% keytool -genkey -keystore server.keystore -alias hostname
...
...
Actually not sure what I did in Update 1 was right because I did not have to specify a host name there...
I specified hostname as the Alias name
and
What is the name of your organizational unit?
[Unknown]: hostname
But that still did not solve my issue. Is there a specific way to add a host name?
I am pretty sure that this post solves the issue however it is too cryptic to understand. Come back to this.
This solution is helpful as well.
Java's keytool command with IP addresses
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
These seem like similar issues:
Same problem.
Accepts all certificates.
private static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
...
HttpsUrlConnection con = (HttpsUrlConnection)new URL("https://foo.bar.com").openConnection();
con.setHostnameVerifier(DO_NOT_VERIFY);
InputStream in = con.getInputStream();
However I am not certain where to put this. Client side or server side? Regardless I would rather just set up the certificates properly if that is an option.
Uses this solution:
HostnameVerifier ver = new HostnameVerifier()
{
public boolean verify(String urlHostname,String certHostname)
{
return java.net.InetAddress.getByName(urlHostname).equals(java.net.InetAddress.getByName(certHostname));
}
};
com.sun.net.ssl.HttpsURLConnection con = ...(obtain connection);
con.setHostnameVerifier(ver);
However I am not certain where to put this. Client side or server side? Regardless I would rather just set up the certificates properly if that is an option.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.