martes, 2 de diciembre de 2014

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

¡Problemas para consumir un Web Services con SSL!!...

dump Error:
"Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address IP found"

Explicación del problema:

No subject alternative names present

Sample Alt Name Stack Trace
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
In most cases this is a hostname/SSL certificate CN mismatch. This commonly happens when a self-signed certificate issued to localhost is placed on a machine that is accessed by IP address. It should be noted that generating a certificate with an IP address for a common name, e.g. CN=192.168.1.1,OU=Middleware,dc=vt,dc=edu, will not work in most cases where the client making the connection is Java. For example the Java CAS client will throw SSL errors on connecting to a CAS server secured with a certificate containing an IP address in the CN.


La Solución es sobre escribir el método Java de verificación del HostName sobre la aplicación que consume el Web Service de la siguiente manera:
  static {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
      public boolean verify(String hostname, SSLSession session) {
        if (hostname.equals("IP.IP.IP.IP")) {
          return true;
        }
        return false;
      }
    });
  }


Saludos!! Armando Mateu.