Certificate for <xx.xxx.xxx.xxx> doesn't match any of the subject alternative names: [xx.xxxx.xxxx.c

别先生

发布于 2021-08-31 18:02:43

6.8K0

发布于 2021-08-31 18:02:43

文章被收录于专栏：别先生

1、用HttpClient发送Https请求报SSLException: Certificate for <域名> doesn't match any of the subject alternative names问题的解决，报错，如下所示：

 1 javax.net.ssl.SSLPeerUnverifiedException:  Certificate for <xx.xxx.xxx.xxx> doesn't match any of the subject alternative names: [xx.xxxx.xxxx.com]
 2     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
 3     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
 4     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
 5     at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
 6     at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
 7     at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
 8     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
 9     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
10     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
11     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
12     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
13     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
14     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)

2、使用Apache HttpClient做https的Post请求，调用代码就报上面的错误。

　　可以参考链接：https://stackoverflow.com/questions/39762760/javax-net-ssl-sslexception-certificate-doesnt-match-any-of-the-subject-alterna

　　代码参考，需要特别注意的是SSLContexts引入的httpcore-4.4.14.jar包，如下所示：

 1 package com.xxx.main.httpclient;
 2 
 3 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 4 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 5 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 6 import org.apache.http.impl.client.CloseableHttpClient;
 7 import org.apache.http.impl.client.HttpClients;
 8 import org.apache.http.ssl.SSLContexts;
 9 
10 public class HttpClientMain {
11 
12 
13     public static void testShared(String catalogId, String appKey, String secret) throws Exception {
14         CloseableHttpClient httpClient = null;
15 
16         // 解决httpClient发送https错误的问题
17         SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
18                 SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
19                 NoopHostnameVerifier.INSTANCE);
20         httpClient = HttpClients.custom().setSSLSocketFactory(scsf).build();
21         
22         // .......
23 
24     }
25 
26 
27 }

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2021-08-25 ，如有侵权请联系 cloudcommunity@tencent.com 删除

apache