2020-06-23 15:02:16.671 WARN 25416 --- [figRepository-1] c.c.f.a.i.AbstractConfigRepository :
Sync config failed, will retry. Repository class com.ctrip.framework.apollo.internals.RemoteConfigRepository,
reason: Get config services failed from https://apollo-dev.chaojihao.com/services/config?appId=001089&ip=192.168.162.74
[Cause: Could not complete get operation [Cause: java.security.cert.CertificateException: No subject alternative DNS name matching apollo-dev.chaojihao.com found.
[Cause: No subject alternative DNS name matching apollo-dev.chaojihao.com found.]]]
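CertificateException: No subject alternative DNS name matching XXX found: how to fix it
Recently, while calling a third-party API to send data, SSL certificate validation failed, so I tried the following:
1. Installed the certificate of the site in question; the installation reported success, but access still failed;
2. Read up on the problem and learned that certificate validation settings were added after JDK 8; I changed the corresponding settings, but access still failed;
I decided to skip SSL verification at the code level.
The exception is as follows: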
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching XXX found.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
Add a class that skips certificate validation, TrustAllTrustManager.java, with the following code:
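// Trust manager that accepts every certificate chain without any validation.
public class TrustAllTrustManager implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly empty) array.
        return new java.security.cert.X509Certificate[0];
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        // No check: any server certificate is accepted, whoever issued it.
    }

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        // No check: any client certificate is accepted.
    }
}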
Add the following code to HttpSendUtils.java:
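// Imports (top of HttpSendUtils.java)
import java.net.HttpURLConnection;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

// Pass host name verification unconditionally
HostnameVerifier hv = new HostnameVerifier() {
    @Override
    public boolean verify(String urlHostName, SSLSession session) {
        return true;
    }
};
// Configure the trust manager
javax.net.ssl.TrustManager[] trustAllCerts = {new TrustAllTrustManager()};
SSLContext sc = SSLContext.getInstance("SSL");
SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);
// Replaces the JVM-wide default, so every HttpsURLConnection in this process is affected
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Activate the host name verifier (also a JVM-wide default)
HttpsURLConnection.setDefaultHostnameVerifier(hv);
// url is the request address as a String
URL requestUrl = new URL(url);
HttpURLConnection connection = (HttpURLConnection) requestUrl.openConnection();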
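A narrower alternative to the trust-all workaround above, as an added example that is not part of the original post: it trusts one known certificate for one host on a single connection and leaves the JVM-wide defaults untouched. The class name `PinnedHttps`, the method `open` and its parameters are assumptions, as is a PEM copy of the server certificate that was obtained and verified out of band.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical names): pin one certificate to one host, per connection.
public class PinnedHttps {
    public static HttpsURLConnection open(String url, String expectedHost, String pemPath) throws Exception {
        // Load the server certificate that was saved and checked out of band (assumed PEM file).
        final X509Certificate pinned;
        try (InputStream in = new FileInputStream(pemPath)) {
            pinned = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Trust store holding only that certificate; chain validation stays switched on.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("pinned", pinned);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        // Consulted when the built-in host name check finds no matching name in the certificate.
        HostnameVerifier hv = (host, session) -> {
            try {
                Certificate[] chain = session.getPeerCertificates();
                return expectedHost.equalsIgnoreCase(host) && chain.length > 0 && pinned.equals(chain[0]);
            } catch (SSLPeerUnverifiedException e) {
                return false; // no verified peer certificate: reject
            }
        };
        // Apply both settings to this connection only, not to the JVM defaults.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setHostnameVerifier(hv);
        return conn;
    }
}
```

Any other host, or the same host presenting a different certificate, still fails the handshake or the host name check.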