问题描述

我正在尝试向服务器发送请求但它遇到以下错误，因为我知道应该创建一个证书但不知道如何做到这一点。我发现这个但无法实现它。

I am trying to send a request to a server but it runs into following error, as I know should create a certificate but not sure how to do it. I've found this answer but could not implement it.

java.security.cert.CertificateException: No subject alternative DNS name matching www.example.com found.

代码

        URL url = new URL("https://www.example.com:1897/services/myservice");

        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        con.setDoOutput(true);
        con.setDoInput(true);

        OutputStream os = con.getOutputStream();
        m.marshal(auth, os);
        m.marshal(auth, System.out);

        os.flush();
        con.getResponseCode();

推荐答案

服务器可能正在使用缺少正确的证书扩展。您可以禁用主机名验证（这会产生安全问题），或者在服务器上安装适当的证书（如果它不是您的服务器，可能会很困难）。

The server might be using a certificate that lacks the proper extensions. You can either disable host name verification (which creates a security problem), or install a proper certificate on the server (which might be difficult if it's not your server).

更具体地说，我猜服务器证书包含主题备用名称扩展名，但该扩展名不包含服务器的主机名，或者没有SAN扩展名，并且主题名称的公共名称属性不包含t匹配服务器。在任何一种情况下，解决方案都是在SAN扩展中获取具有正确服务器主机名的证书。

More specifically, I'd guess that either the server certificate contains a Subject Alternative Name extension, but that extension doesn't contain the host name of the server, or there is no SAN extension and the Common Name attribute of the Subject Name doesn't match the server. In either case, the solution would be to get a certificate with the correct server host name in the SAN extension.

这篇关于如何通过Java绕过CertificateException？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！