java - allowUnsafeRenegotiation, but still CertificateException -


I try to use SOAPConnection to call HTTPS, and I have pointed to the keystore and truststore as follows:

    System.setProperty("javax.net.ssl.keyStore", "c:/kei/tasks/mip/cert/ccc_acp.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
    System.setProperty("javax.net.ssl.trustStore", "c:/kei/tasks/mip/cert/trusteaistore.keystore");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");
    System.setProperty("javax.net.debug", "all");

but I still get

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

I googled and found the following temporary solution:

    System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

But even after I set allowUnsafeRenegotiation to true, I still get

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

And I tried to use SoapUI 5.1.3, and in Preferences > SSL I set the keystore and keystore password (but there is no place to set the truststore), and this time I can connect to the target server through HTTPS!

So:

1) Why does SoapUI 5.1.3 not need the truststore to be set (only the keystore), but can still connect to the HTTPS server?

2) Why, when I use system properties to point to the same keystore, can I not connect to the HTTPS server using SOAPConnection?

3) Why, when I set the allowUnsafeRenegotiation system property to true, does it seem to still check the public cert of the HTTPS server and return a CertificateException?

***************** Edit on 15/5/2015

I post my code here:

    import java.net.URL;
    import java.security.SecureRandom;
    import java.security.Security;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    public class MipCccSoapTest {

        public static void main(String args[]) {
            System.setProperty("javax.net.ssl.keyStore", "c:/kei/tasks/mip/cert/ccc_acp.keystore");
            System.setProperty("javax.net.ssl.keyStorePassword", "password");
            MipCccSoapTest mipCccSoapTest = new MipCccSoapTest();
            mipCccSoapTest.testHttpConnection();
        }

        private void testHttpConnection() {
            try {
                doTrustToCertificates();
                URL url = new URL("https://10.7.3.43:9443/iboss/customercarem1");
                HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
                HttpsURLConnection.getDefaultSSLSocketFactory();
                System.out.println("responseCode =" + conn.getResponseCode());
            } catch (Exception ex) {
                ex.printStackTrace();
            }
            System.exit(0);
            // end testing
        }

        // trusting certificate
        public void doTrustToCertificates() throws Exception {
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            // Trust manager that accepts every certificate chain without checking it
            TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        public X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }

                        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                            return;
                        }

                        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                            return;
                        }
                    }
            };

            // init(null, ...) passes no KeyManagers to this context
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Hostname verifier that only prints a warning and accepts any host
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String urlHostName, SSLSession session) {
                    if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
                        System.out.println("Warning: URL host '" + urlHostName + "' is different from SSLSession host '" + session.getPeerHost() + "'.");
                    }
                    return true;
                }
            };
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
        }
    }

and I get the following error:

    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)

But the keystore should be correct, as I use the same keystore in SoapUI 5.1.3 and it can call the server.

**************** Edit on 18/5/2015 *************

After I commented out the following code:

    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                    return;
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                    return;
                }
            }
    };

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

it can connect to the HTTPS server now.

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

This is a problem with the server's certificate. You need to fix it there by adding a subject alternative section with the proper information so that it can be validated. It has nothing to do with the trust chain, so no changes to the keystore or truststore will help. More information might be given if the server's URL or certificate were known.

    System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

This is a TLS protocol level thing and has nothing to do with certificate validation.

In case you cannot fix the server's certificate, see "SSLHandshakeException: No subject alternative names present" for a possible workaround (first hit when googling for this error message!).
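The answer's point about the subject alternative section can be checked directly. The following is an added diagnostic sketch, not code from the question or the answer: the question's URL uses an IP address (10.7.3.43), and for an IP literal the JDK's HTTPS hostname check looks only at iPAddress SAN entries, which is where this message comes from. The class name `SanCheck`, the `explain` helper and the sample SAN lists are assumptions made for illustration; matching is exact only (no wildcards, IPv4 only).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class SanCheck {
    // GeneralName type codes as returned by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    /** Explains how a SAN list relates to the host used in the URL (exact match, no wildcards). */
    static String explain(String host, Collection<List<?>> sans) {
        boolean hostIsIp = host.matches("\\d{1,3}(\\.\\d{1,3}){3}");   // IPv4 literal only
        if (sans == null) {                                            // certificate has no SAN extension
            return hostIsIp
                ? "FAIL: no SAN extension; an IP address host needs an iPAddress SAN entry"
                : "no SAN extension; a DNS host can only be matched against the subject CN";
        }
        int wanted = hostIsIp ? IP_ADDRESS : DNS_NAME;
        for (List<?> san : sans) {
            // each entry is [Integer type, String value] for dNSName and iPAddress
            if (((Integer) san.get(0)) == wanted && host.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                return "OK: SAN entry matches " + host;
            }
        }
        return "FAIL: SAN entries present, but none of the required type matches " + host;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) {               // usage: java SanCheck <host> <cert.pem|cert.der>
            try (InputStream in = new FileInputStream(args[1])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(explain(args[0], cert.getSubjectAlternativeNames()));
            }
            return;
        }
        // Constructed SAN lists (not taken from any real certificate)
        Collection<List<?>> dnsOnly =
                Arrays.<List<?>>asList(Arrays.<Object>asList(DNS_NAME, "server.example.internal"));
        Collection<List<?>> withIp =
                Arrays.<List<?>>asList(Arrays.<Object>asList(IP_ADDRESS, "10.7.3.43"));
        System.out.println(explain("10.7.3.43", null));      // the situation in the question
        System.out.println(explain("10.7.3.43", dnsOnly));   // SANs exist, but no iPAddress entry
        System.out.println(explain("10.7.3.43", withIp));    // what a reissued certificate would need
    }
}
```

Run with a host and an exported server certificate file to check a real certificate; with no arguments it prints the three constructed cases.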

