javax.net.ssl.SSLException:<>的证书与任何主题备用名称都不匹配:[]

问题描述 投票:4回答:2

当我尝试使用Postman命中URL时,通过使用我的个人证书可以正常工作。但是当我尝试使用Rest Assured测试用例时它会抛出上述异常。

配置类

public class Configuration {

    protected SSLConfig config = null;
    private static final Logger LOG = LoggerFactory.getLogger(Configuration.class);

    @SuppressWarnings("deprecation")
    @BeforeClass
    public void setKeystore()

    {
        KeyStore keyStore = null;

        KeyStore trustStore = null;
        try {
            String certPassword = System.getProperty("certPassword");
            String certPath = System.getProperty("certPath");

            String trustStorePassword = System.getProperty("trustStorePassword");
            String trustStorePath = System.getProperty("trustStorePath");
            Validate.notNull(certPath, "Path to Certificate on the file system cannot be null");
            Validate.notEmpty(certPassword, "Password cannot be empty");
            Validate.notNull(trustStorePath, "Path to trustStore on the file system cannot be null");
            Validate.notEmpty(trustStorePassword, "TrustStore Password cannot be empty");

            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(certPath), certPassword.toCharArray());
            trustStore = KeyStore.getInstance("JKS");
            trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());

            if (keyStore != null) {

                org.apache.http.conn.ssl.SSLSocketFactory clientAuthFactory = new org.apache.http.conn.ssl.SSLSocketFactory(
                        keyStore, certPassword, trustStore);
                config = new SSLConfig().with().sslSocketFactory(clientAuthFactory).and().allowAllHostnames();

            }
            EnvironmentConstants.getEnvironment();

        } catch (Exception e) {
            LOG.error("Error while loading keystore");
            e.printStackTrace();
        }
    }

    @BeforeTest
    public Properties loadproperties() {

        InputStream input = getClass().getClassLoader().getResourceAsStream("errorMessages.properties");
        Properties properties = new Properties();
        try {
            properties.load(input);
        } catch (IOException e) {
            e.printStackTrace();
        }
        return properties;
    }

}
java ssl https rest-assured
2个回答
3
投票

这个问题是因为,我们公司配置了新的服务器,但没有在服务器证书中包含DNS。所以我的公司在cert.Now中包含服务器名称它正在工作。

1
投票

RFC 2818 (the HTTPS specification)说:

如果主机名可用,客户端必须根据服务器的证书消息中显示的服务器身份进行检查,以防止中间人攻击...如果存在类型为dNSName的subjectAltName扩展名,则必须用作身份。否则,必须使用证书的Subject字段中的(最具体的)Common Name字段。尽管使用Common Name是现有做法,但不推荐使用它,并且鼓励证书颁发机构使用dNSName。

您应该生成包含SAN扩展的证书,其中包含您计划使用证书的所有主机名:

keytool -genkeypair \
    -keystore server-keystore.pkcs12 \
    -deststoretype pkcs12 \
    -dname "CN=mydomain.local" \
    -keypass changeit \
    -storepass changeit \
    -keyalg RSA \
    -validity 1825 \
    -keysize 4096 \
    -alias mydomain.local \
    -ext SAN=dns:mydomain.local,dns:mydomain.dev,dns:mydomain.test,dns:localhost
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.