

我通过java代码调用HTTPS SOAP Web服务。我已经在jre cacerts密钥库中导入了自签名证书。现在我得到:

I am invoking HTTPS SOAP web service through java code. I have already imported self-signed certificate in jre cacerts keystore. Now I am getting :

com.sun.xml.internal.ws.com.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present


The hostname of the service URL is not matching that of the CN provided in cert. I read about a workaround of defining a custom Hostname verifier here. But i cant able to make where I should implement the workaround in my code.

public SOAPMessage invokeWS(WSBean bean) throws Exception {

    SOAPMessage response=null;

    /** Create a service and add at least one port to it. **/
    String targetNameSpace = bean.getTargetNameSpace();
    String endpointUrl = bean.getEndpointUrl();
    QName serviceName = new QName(targetNameSpace, bean.getServiceName());
    QName portName = new QName(targetNameSpace, bean.getPortName());
    String SOAPAction = bean.getSOAPAction();
    HashMap<String, String> map = bean.getParameters();

    Service service = Service.create(serviceName);
    service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointUrl);

    /** Create a Dispatch instance from a service. **/
    Dispatch dispatch = service.createDispatch(portName, SOAPMessage.class,

    // The soapActionUri is set here. otherwise we get a error on .net based
    // services.
            new Boolean(true));

    /** Create SOAPMessage request. **/
    // compose a request message
    MessageFactory messageFactory = MessageFactory.newInstance();
    SOAPMessage message = messageFactory.createMessage();

    // Create objects for the message parts
    SOAPPart soapPart = message.getSOAPPart();
    SOAPEnvelope envelope = soapPart.getEnvelope();
    SOAPBody body = envelope.getBody();

    SOAPElement bodyElement = body.addChildElement(bean.getInputMethod(),
            bean.getPrefix(), bean.getTargetNameSpace());

             ...more code to form soap body goes here

    // Print request

    // Save the message

    response = (SOAPMessage)dispatch.invoke(message);
    catch (Exception e) {
        log.error("Error in invokeSiebelWS :"+e);
    return response;

请忽略WSBean参数,因为命名空间和其他wsdl属性来自此bean 。如果这个异常可以通过一些不同的解决方法解决,请建议。

Please ignore WSBean parameter as the namespaces and other wsdl attributes are coming from this bean. And if this exception can solved with some different workarounds, pls do suggest.


谢谢,布鲁诺让我对常见问题提出异议姓名和主题替代名称。我们发现证书是使用带有DNS名称的网络的CN生成的,并要求使用主题备用名称条目(即san = ip:重新生成新证书。这是实际解决方案

Thanks,Bruno for giving me heads up on Common Name and Subject Alternative Name. As we figured out certificate was generated with CN with DNS name of network and asked for regeneration of new certificate with Subject Alternative Name entry i.e. san=ip: which is the actual solution.


But, we managed to find out a workaround with which we can able to run on development phase. Just add a static block in the class from which we are making ssl connection.

static {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
            public boolean verify(String hostname, SSLSession session)
                // ip address of the service URL(like.
                if (hostname.equals(""))
                    return true;
                return false;

如果您正好使用Java 8,那么有一种更为流畅的方式实现相同的结果:

If you happen to be using Java 8, there is a much slicker way of achieving the same result:

static {
    HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals(""));


08-21 04:54