• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Getting error "No subject alternative names" when doing secure URL connection

 
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to make a connection to a URL using https:
I am getting the error
java.security.cert. CertificateException: No subject alternative names present

I have the certificate loaded into a keystore and I am using the parameters
-Djavax.net.ssl. trustStore= C:\asf\asfSystemTest.ks
-Djavax.net.ssl. trustStore Password=changeit

Any ideas on how to fix this.
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I believe that, by default, the HTTPS URL classes closely follow the rules laid out for checking server identity in section 3.1 of RFC 2818. I believe the error message you recieve indicates those identity checks fail. In general, if you specify a URL of "https://www.server.net", then the certificate sent back from that server should contain a special field called the "Subject Alternative Name", and furthermore the value of this field should be www.server.net. In lieu of this, it may contain www.server.net in one of the CN fields of the subject name. But please see RFC 2818 for the actual rules. If neither of these is true, I think you receive the error you got.

To see if this is indeed the problem, you can temporarily disable the hostname check by using a custom hostname verifier that always returns true. NOTE: this is just for testing, don't do this in your real application! Here is a small example showing this:
 
Dave Trower
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That worked.
Thank you Greg
 
reply
    Bookmark Topic Watch Topic
  • New Topic