java - allowUnsafeRenegotiation, but still CertificateException
I try to use SOAPConnection to call HTTPS, and I have pointed to the keystore and truststore as follows:
System.setProperty("javax.net.ssl.keyStore", "c:/kei/tasks/mip/cert/ccc_acp.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "c:/kei/tasks/mip/cert/trusteaistore.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.debug", "all");
But I still get
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
I googled and found the following temporary solution
System.setProperty( "sun.security.ssl.allowUnsafeRenegotiation", "true" );
But even when I set allowUnsafeRenegotiation to true, I still get
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
And I tried SoapUI 5.1.3, and in Preferences > SSL I set the keystore and keystore password (but there is no place to set the truststore), and this time it can connect to the target server through HTTPS!
So
1) Why does SoapUI 5.1.3 not need the truststore to be set (only the keystore), and still can connect to the HTTPS server?
2) Why, when I use system properties to point to the same keystore, can I not connect to the HTTPS server using SOAPConnection?
3) Why, when I set the allowUnsafeRenegotiation system property to true, does it seem to still check the public cert of the HTTPS server and return a CertificateException?
***************** Edit on 15/5/2015 *****************
I post the code here
import java.net.URL;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class MipCccSoapTest {

    public static void main(String args[]) {
        // Client keystore for the default SSL context
        System.setProperty("javax.net.ssl.keyStore", "c:/kei/tasks/mip/cert/ccc_acp.keystore");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
        MipCccSoapTest mipCccSoapTest = new MipCccSoapTest();
        mipCccSoapTest.testHttpConnection();
    }

    private void testHttpConnection() {
        try {
            doTrustToCertificates();
            URL url = new URL("https://10.7.3.43:9443/iboss/customercarem1");
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            HttpsURLConnection.getDefaultSSLSocketFactory();
            System.out.println("responsecoede =" + conn.getResponseCode());
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        System.exit(0); // end testing
    }

    // trusting certificate
    public void doTrustToCertificates() throws Exception {
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        // Trust manager that accepts every certificate chain without validating it
        TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                    return;
                }
                public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                    return;
                }
            }
        };
        // No KeyManager is passed here; only the trust-all TrustManager is installed
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // Hostname verifier that only prints a warning on mismatch and always accepts
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
                    System.out.println("warning: url host '" + urlHostName + "' different sslsession host '" + session.getPeerHost() + "'.");
                }
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }
}
and get the following error
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Unknown Source)
But the keystore should be correct, as I use the same keystore in SoapUI 5.1.3, which can call the server.
**************** Edit on 18/5/2015 *************
After I comment out the following code
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            return;
        }
        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            return;
        }
    }
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
it can connect to the HTTPS server now.

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
This is a problem of the server's certificate. You need to fix it there by adding a subject alternative section with the proper information so it can be validated. It has nothing to do with the trust chain, so no changes to the keystore or truststore will help. More information might be given if the server's URL or certificate were known.
System.setProperty( "sun.security.ssl.allowUnsafeRenegotiation", "true" );
This is a TLS protocol level thing and has nothing to do with certificate validation.
In case you cannot fix the server's certificate, see "SSLHandshakeException: No subject alternative names present" for a possible workaround (first hit when googling for this error message!).
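
To confirm the diagnosis in the answer before touching any keystore, the server certificate's subjectAltName entries can be compared with the host part of the URL. This is an added example, not code from the original post or answer; the class name `SanCheck` and the PEM file argument are assumptions, and it handles IPv4 literals and exact DNS names only (no wildcard or IPv6 matching).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (hypothetical class name): does the certificate name the host used in the URL?
public class SanCheck {
    private static final int DNS_NAME = 2;   // GeneralName type dNSName
    private static final int IP_ADDRESS = 7; // GeneralName type iPAddress

    /** Returns a one-line verdict for host against the certificate's subjectAltName entries. */
    static String check(X509Certificate cert, String host) throws Exception {
        // A URL such as https://10.7.3.43:9443/... must be matched by an iPAddress entry.
        boolean isIp = host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        int wanted = isIp ? IP_ADDRESS : DNS_NAME;
        String kind = isIp ? "iPAddress" : "dNSName";
        // getSubjectAlternativeNames() returns null when the extension is absent.
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            return isIp
                ? "FAIL: no subjectAltName extension; an IP-literal URL needs an iPAddress entry"
                : "WARN: no subjectAltName extension; only the subject CN is left to match";
        }
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);          // first element: GeneralName type
            String value = String.valueOf(san.get(1)); // second element: name as text
            if (type == wanted && value.equalsIgnoreCase(host)) {
                return "OK: " + kind + " entry matches " + host;
            }
        }
        return "FAIL: no " + kind + " entry equal to " + host + " in " + sans;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java SanCheck <server-cert.pem> <host-from-url>");
            System.exit(2);
        }
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
            System.out.println(check(cert, args[1]));
        }
    }
}
```

Run it with the server's exported certificate and `10.7.3.43` as the host; a FAIL line means the certificate has to be reissued with a matching entry, as the answer says.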