解决ssl java.security.cert.CertificateException: No name match

于 2021-05-29 13:55:24 发布
阅读量4.4k 收藏 2
点赞数 3
分类专栏: java,Java9 文章标签: Apache Java AMQ ActivqMQ SSL
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/wangwenjun69/article/details/117382503
版权
本文档详细介绍了在使用ActiveMQ时遇到的`java.security.cert.CertificateException: No name matching localhost found`问题的解决过程。内容包括SSL证书的制作、Broker SSL Connector配置、客户端代码关键部分及出现SSL问题时的排查思路,特别是如何通过修改URI参数来避免主机名匹配检查。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

activemq ssl  java.security.cert.CertificateException: No name matching localhost found

解决activemq ssl  java.security.cert.CertificateException: No name matching localhost found的问题

目录

问题描述:

SSL证书的制作(未做CA签名)

Broker SSL Connector以及SSL证书的配置

配置transportConnectors

配置SSL证书

客户端程序关键代码

出现SSL问题,排查思路

ActiveMQSslConnectionFactory

ActiveMQConnectionFactory

TransportFactory

SslTransportFactory​​​​​​

SslTransport

问题描述:

在AMQ Broker配置ssl+nio的connector,安装SSL证书,客户端通过ssl进行topic消息的发送与消费时出现java.security.cert.CertificateException: No name matching localhost found的问题,下文是具体的过程

SSL证书的制作(未做CA签名)

#创建broker的keystore
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
#从broker keystore中导出证书
keytool -export -alias broker -keystore broker.ks -file broker_cert
#创建客户端的keystore
keytool -genkey -alias client -keyalg RSA -keystore client.ks
#将服务器端的证书导入客户端的keystore
keytool -import -alias broker -keystore client.ts -file broker_cert

注意:这里仅做单项认证,也就是说客户端认证服务器是否合法,并未做双向认证,双向认证可以参考文档:https://activemq.apache.org/how-do-i-use-ssl.html

Broker SSL Connector以及SSL证书的配置

将制作的证书配置在AMQ的Broker中,并且配置Connector使其生效

配置transportConnectors

<transportConnectors>
...
<transportConnector name="auto+nio+ssl" uri="auto+nio+ssl://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
			<transportConnector name="nio+ssl" uri="nio+ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
...
</transportConnectors>

配置SSL证书

<sslContext>
		    <sslContext keyStore="conf/broker.ks"
                keyStorePassword="******"
				 trustStore="conf/broker.ks" 
                 trustStorePassword="******" />
        </sslContext>

客户端程序关键代码

客户端代码比较简单(无论publish还是subscribe),所以我只贴出来关键部分的代码

//使用ActiveMQSslConnectionFactory,它是ActiveMQConnectionFactory的子类,做了一些关于SSLContext的声明
ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://192.168.88.3:61617");
    factory.setKeyAndTrustManagers(getKeyManagers("keystore路径", "keystore密码"),
            getTrustManagers(), new java.security.SecureRandom());
//...省略
  private static TrustManager[] getTrustManagers()
          throws NoSuchAlgorithmException, IOException,
          KeyStoreException, CertificateException {
    return new TrustManager[]{new X509TrustManager() {
      private X509Certificate[] certificates;

      @Override
      public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        if (x509Certificates == null) {
          this.certificat
最低0.47元/天 解锁文章
java HttpURLConnection调用https接口报错 No subject alternative names matching IP address xxxx found
qq445829096的博客
03-20 553
java HttpURLConnection调用https接口报错 No subject alternative names matching IP address xxxx found
java报错已解决java.security.cert.CertificateException
鸽芷咕的博客
12-15 953
Java应用程序中,特别是在处理网络通信和数据安全时,证书的使用是确保数据传输安全的重要手段。`java.security.cert.CertificateException`是一个在处理证书时可能遇到的异常,它表明证书存在问题,导致相关的安全操作无法正常进行。这个异常可能涉及到证书的验证、解析或管理等多个方面。本文将详细探讨`CertificateException`的成因,并提供多种解决方案,帮助开发者快速定位并解决这类问题。
Linux下tomcat配置ssl中报错问题的解决javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExcepti
龙遥的世界
03-04 2万+
原问题: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present http://blog.csdn.net/robert_lizhiqiang/article/details/44060217 解决报错问题:> s
java.security.cert.CertificateException:找不到与本地主机匹配的名称
一名可爱的技术搬运工
05-24 845
问题 配置Tomcat以支持SSL并部署了此简单的hello world Web服务 。 并使用以下客户端通过SSL连接连接到已部署的Web服务: package com.mkyong.client; import java.net.URL; import javax.xml.namespace.QName; import javax.xml.ws.Service; import c...
java.security.cert.CertificateException: No subject alternative DNS name matching XXX found解决方案
12-21
由于第三方服务商更新服务器证书,导致向其推送数据出现SSL证书认证失败。 网上搜了一堆,都无法生效,最终找到了一个完美解决方案: 在代码层跳出SSL验证 1、观察异常日志信息如下: 2、新增跳过证书的类,TrustAllTrustManager.java,代码如下: public class TrustAllTrustManager implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager { @Override public java.security.cert.X509Certificate
java.security.cert.CertificateException: No name matching IP found
张凡
11-13 3439
java.security.cert.CertificateException: No name matching localhost found 解释;安全证书异常,IP地址找不到 解决方案如下:程序加入static里面的代码块就OK了 代码的意思就是程序默认这个IP地址是安全可访问的 Problem ConfiguredTomcat to support SSLand deplo...
java.security.cert.CertificateException: No name matching cas.gogoyuan.cn found
天下无双
06-07 1万+
Tomcat 6.0.14, Spring 2.5 rc acegisecurity 1.0.5 cas-server 3.1<br /><br />It seems authentication has succeeded, but when I visit the destination page, I am sent to authorizationFailure.jsp, it says<br /><br />Authorization Failure<br /><br />You are not
java.security.cert.CertificateException: No name matching https证书验证不通过
料峭春风吹酒醒,微冷, 山头斜照却相迎。 回首向来萧瑟处,归去, 也无风雨也无晴!
08-30 9563
1、报错信息 1 java.security.cert.CertificateException: No name matching api.weibo.com found; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.Certific
Java.Security.Cert.CertificateException: No Name Matching Localhost Found
zhoutaohenan的专栏
05-08 5460
Problem Configured Tomcat to support SSL and deployed this simple hello world web service. And use following client connect to the deployed web service over SSL connection : package com.mkyo
elasticsearch@elasticsearch-master-2:~$ elasticsearch-reset-password -u elastic -i 123qqWARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch] WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch] q05:59:51.395 [main] WARN org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [172.16.58.200]; the server provided a certificate with subject name [CN=elasticsearch-master], fingerprint [663f0e2ea99d6c658d7418a5119e1d756abc2ef3], keyUsage [digitalSignature, keyEncipherment] and extendedKeyUsage [serverAuth, clientAuth]; the session uses cipher suite [TLS_AES_256_GCM_SHA384] and protocol [TLSv1.3]; the certificate has subject alternative names [DNS:elasticsearch-master,DNS:elasticsearch-master.logging,DNS:elasticsearch-master.logging.svc]; the certificate is issued by [CN=elasticsearch-ca] but the server did not provide a copy of the issuing certificate in the certificate chain; the issuing certificate with fingerprint [6aacfbb37169100f515734e0862890ea18cd03f1] is trusted in this ssl context ([xpack.security.http.ssl (with trust configuration: PEM-trust{/usr/share/elasticsearch/config/certs/ca.crt})]) java.security.cert.CertificateException: No subject alternative names matching IP address 172.16.58.200 found at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:164) ~[?:?] at sun.security.util.HostnameChecker.match(HostnameChecker.java:101) ~[?:?]
最新发布
04-02
证书的 SAN 中仅包含 DNS 名称(如 `elasticsearch-master`, `elasticsearch-master.logging.svc`),但客户端尝试通过 **IP 地址 `172.16.58.200`** 连接节点,触发 `java.security.cert.CertificateException`。...
SSL - SSLHandshakeException: No subject alternative names matching IP address <ip> found
袭冷
08-08 2万+
一、异常日志 javax.net.ssl.SSLHandshakeException: Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 110.75.244.16 found at sun.security.util....
java ca 验证失败_在Java中针对CA验证X.509证书
weixin_35923682的博客
02-23 1234
可以说我有这样的东西(客户端代码):TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {@Overridepublic java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}@Overridepublic void...
CAS部署错误3:java.security.cert.CertificateException: No name match
diyagea的博客
02-06 1万+
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching casserver found 报出该异常的原因是:在创建密钥库是没有把域名设置进去,如下图红框处,必须是你访问的域名,如果是本地测试,可以用localhost 详情配置请参考:CA
解決 java.security.cert.CertificateException: Certificates does not conform to algorithm constraints...
weixin_33834628的博客
11-25 230
找到 jre/lib/security/java.security  将 jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize &lt; 2048 改为 jdk.certpath.disabledAlgorithms=
关于java发送https请求 提示java.security.cert.CertificateException: No name matching xxxx found的解决方法
热门推荐
qq_33135813的博客
10-14 3万+
1.这2天项目中需要调用外部接口,开始以为挺简单的,后面使用HttpConnection发送post请求出现了以下的错误信息.通过观察日志中的错误信息发现,应该是在创建HttpConnection的http连接的时候,出现了SSL安全认证的问题,通过查找相关的资料发现,应该是由于外部接口的https证书中的主机名称与本地https请求的主机名称不一致导致的, 同时通过浏览器访问,发现该地址访问不安...
Java SSL - CertificateException: No name matching
hongchangfirst
10-11 1万+
java去连接SSL网站时,有时候出现: Caused by: java.security.cert.CertificateException: No name matching ... 这是因为虽然server的certificate被trust了,但是host name verify验证失败,因为你connect的service的hostname和证书中的subject CN nam
CAS5 报错javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matchin
GuanHao的博客
08-01 1946
在Tomcat的Server.xml端口配置的密钥库没有你访问的域名设置进去 &lt;Connector port="8443" protocol="HTTP/1.1" minSpareThreads="5" maxSpareThreads="75" enableLookups="true...
Caused by: java.security.cert.CertificateException: No name matching cas.jackray.com found
ppwwp的专栏
03-03 1498
感觉是证书的问题,先记录一下问题,搞定了更细结果 2021-03-03 23:44:56.783 ERROR 20992 --- [nio-8088-exec-1] org.jasig.cas.client.util.CommonUtils : SSL error getting response from host: cas.jackray.com : Error Message: java.security.cert.CertificateException: No name matching c
java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xxx.xx...
anfuyi5792的博客
09-11 4918
https与http不同的是,https加密,需要验证证书,而http不需要。 在连接的代码中加上: static { disableSslVerification(); } private static void disableSslVerification() { try { ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值