当前位置：首页 > article >正文

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative

article 2025/8/20 21:53:32

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative

问题挺奇怪的，以前访问都是好好的，今天访问突然就不行了，出现了：出现SSL证书认证失败，安裝接口对应的网站证书并不好使，决定在代码层跳出SSL验证

异常显示如下：

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching '***' found.at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)at com.ssh.insure.utils.PublicUtils.QSCrequestServiceJson(PublicUtils.java:408)at com.ssh.insure.service.impl.QscSurCallBackServiceImpl.doSendBack(QscSurCallBackServiceImpl.java:72)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:597)at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)at $Proxy43.doSendBack(Unknown Source)at com.ssh.insure.action.TestJDReAction.duQscData(TestJDReAction.java:111)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:597)at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:871)at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1294)at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68)at com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethodWithDebugInfo(XWorkMethodAccessor.java:117)at com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethod(XWorkMethodAccessor.java:108)at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1370)at ognl.ASTMethod.getValueBody(ASTMethod.java:91)at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)at ognl.SimpleNode.getValue(SimpleNode.java:258)at ognl.Ognl.getValue(Ognl.java:467)at ognl.Ognl.getValue(Ognl.java:431)at com.opensymphony.xwork2.ognl.OgnlUtil$3.execute(OgnlUtil.java:352)at com.opensymphony.xwork2.ognl.OgnlUtil.compileAndExecuteMethod(OgnlUtil.java:404)at com.opensymphony.xwork2.ognl.OgnlUtil.callMethod(OgnlUtil.java:350)at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:430)at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:290)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)at org.apache.struts2.interceptor.DeprecationInterceptor.intercept(DeprecationInterceptor.java:41)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:168)at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:76)at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229)at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229)at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.interceptor.DateTextFieldInterceptor.intercept(DateTextFieldInterceptor.java:125)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:253)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:140)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189)at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245)at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:575)at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:81)at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:99)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)at com.ssh.common.filter.PerfFilter.doFilter(PerfFilter.java:51)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching bones-api-test.qsebao.com found.at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)... 121 more

原请求方式：用次方式请求时会报以上错误

	/*** 发送HTTP请求* @param toURL 请求地址* @param data 请求参数* @param dateType 参数类型，“JSON”,other* @return* @throws Exception*/public static String requestServiceJson(String toURL, String data,String dateType)throws Exception {StringBuffer bs = new StringBuffer();URL sendUrl = new URL(toURL.trim());URLConnection connection = sendUrl.openConnection();connection.setConnectTimeout(30000);connection.setReadTimeout(30000);connection.setDoOutput(true);if("JSON".equalsIgnoreCase(dateType)){connection.setRequestProperty("Content-Type","application/json;chert=UTF-8");}else{connection.setRequestProperty("Content-Type","application/x-www-form-urlencoded");}OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream(), "UTF-8");out.write(data);out.flush();out.close();connection.connect();int code = ((HttpURLConnection) connection).getResponseCode();InputStream is =  null;if (code == 200) {is = connection.getInputStream(); // 得到网络返回的正确输入流} else {is = ((HttpURLConnection) connection).getErrorStream(); // 得到网络返回的错误输入流}BufferedReader buffer = new BufferedReader(new InputStreamReader(is,"UTF-8"));String l = null;while ((l = buffer.readLine()) != null) {bs.append(l);}return bs.toString();}

解决方式如下：

条件类：

package com.ssh.insure.utils.qscUtil;public class TrustAllTrustManager implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {@Overridepublic java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}@Overridepublic void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)throws java.security.cert.CertificateException {return;}@Overridepublic void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)throws java.security.cert.CertificateException {return;}}

修改请求工具类：

	/*** 发送HTTP请求* @param toURL 请求地址* @param data 请求参数* @param dateType 参数类型，“JSON”,other* @return* @throws Exception*/public static String QSCrequestServiceJson(String toURL, String data,String dateType)throws Exception {StringBuffer bs = new StringBuffer();//  直接通过主机认证HostnameVerifier hv = new HostnameVerifier() {@Overridepublic boolean verify(String arg0, SSLSession arg1) {return true;}};//  配置认证管理器javax.net.ssl.TrustManager[] trustAllCerts = {new TrustAllTrustManager()};SSLContext sc = SSLContext.getInstance("SSL");SSLSessionContext sslsc = sc.getServerSessionContext();sslsc.setSessionTimeout(0);sc.init(null, trustAllCerts, null);HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());//  激活主机认证HttpsURLConnection.setDefaultHostnameVerifier(hv);URL url = new URL(toURL);HttpURLConnection connection = (HttpURLConnection)url.openConnection();connection.setConnectTimeout(30000);connection.setReadTimeout(30000);connection.setDoOutput(true);if("JSON".equalsIgnoreCase(dateType)){connection.setRequestProperty("Content-Type","application/json;chert=UTF-8");}else{connection.setRequestProperty("Content-Type","application/x-www-form-urlencoded");}OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream(), "UTF-8");out.write(data);out.flush();out.close();connection.connect();int code = ((HttpURLConnection) connection).getResponseCode();InputStream is =  null;if (code == 200) {is = connection.getInputStream(); // 得到网络返回的正确输入流} else {is = ((HttpURLConnection) connection).getErrorStream(); // 得到网络返回的错误输入流}BufferedReader buffer = new BufferedReader(new InputStreamReader(is,"UTF-8"));String l = null;while ((l = buffer.readLine()) != null) {bs.append(l);}return bs.toString();}