java.security.cert.CertificateException: No name matching https证书验证不通过

最新推荐文章于 2024-12-15 18:49:51 发布

转载最新推荐文章于 2024-12-15 18:49:51 发布 · 9.5k 阅读

1、报错信息

java.security.cert.CertificateException:
 No name matching api.weibo.com found; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching api.weibo.com found

原因：在调用api.weibo.com的时候，我们使用的是https的方式，正常情况下应该是使用api.weibo.com的证书，但由于某些原因，我们只能使用自己的证书，导致在验证证书的时候，就报了这个错误。

解决的办法：忽略服务端和客户端的证书校验即可。java 提供的相关的类。

2、具体实现方式

通过重写TrustManager的checkClientTrusted（检查客户端证书信任）和checkServerTrusted（检查服务端证书验证）。

以及HostnameVerifier的verify（校验）方法即可取消对证书的所有验证。

import

org.slf4j.Logger;

import

org.slf4j.LoggerFactory;

import

javax.net.ssl.*;

import

java.io.IOException;

import

java.net.URL;

import

java.security.cert.CertificateException;

import

java.security.cert.X509Certificate;

public

final 
class 
DisableSSLCertificateCheckUtil {

    private

static 
final 
Logger LOGGER = LoggerFactory.getLogger(DisableSSLCertificateCheckUtil.class);

    /**

     *
 Prevent instantiation of utility class.

     */

    private

DisableSSLCertificateCheckUtil() {

    }

    /**

     *
 Disable trust checks for SSL connections.

     */

    public

static 
void 
disableChecks() {

        try

{

            new

URL("https://0.0.0.0/").getContent();

        }
catch

(IOException e) {

            //
 This invocation will always fail, but it will register the

            //
 default SSL provider to the URL class.

        }

        try

{

            SSLContext
 sslc;

            sslc
 = SSLContext.getInstance("TLS");

            TrustManager[]
 trustManagerArray = {new

X509TrustManager() {

                @Override

                public

void 
checkClientTrusted(X509Certificate[] chain, String authType) throws

CertificateException {

                }

                @Override

                public

void 
checkServerTrusted(X509Certificate[] chain, String authType) throws

CertificateException {

                }

                @Override

                public

X509Certificate[] getAcceptedIssuers() {

                    return

new 
X509Certificate[0];

                }

            }};

            sslc.init(null,
 trustManagerArray, null);

            HttpsURLConnection.setDefaultSSLSocketFactory(sslc.getSocketFactory());

            HttpsURLConnection.setDefaultHostnameVerifier(new

HostnameVerifier() {

                @Override

                public

boolean 
verify(String s, SSLSession sslSession) {

                    return

true;

                }

            });

        }
catch

(Exception e) {

            LOGGER.error("error
 msg:{}",
 e);

            throw

new 
IllegalArgumentException("证书校验异常！");

        }

    }

}

调用方式：

DisableSSLCertificateCheckUtil.disableChecks();

影响的范围：将会影响整个tomcat里面对证书的验证。即通过tomcat里面的其他项目虽然没有执行这一段代码但是也同样会忽略证书的验证。

影响的时间：执行这段代码之后的所有时间都生效。

原文地址：http://www.importnew.com/24192.html