Generally, what the error means is that the server address does not match the certificate address. As a first step, make sure that "Issued to" field of the cert matches the FQDN of the server.
-Misagh On 5/22/2012 10:47 PM, Pratik Das wrote: > > > > Sent from Yahoo! Mail on Android > > > ------------------------------------------------------------------------ > *From: * Pratik Das <[email protected]>; > *To: * [email protected] <[email protected]>; > *Cc: * Pratik Das <[email protected]>; > *Subject: * Fw: cas SSL error : subject alternative names present > *Sent: * Wed, May 23, 2012 4:09:24 AM > > > > > Sent from Yahoo! Mail on Android > > > ------------------------------------------------------------------------ > *From: * [email protected] <[email protected]>; > *To: * <[email protected]>; > *Subject: * cas SSL error : subject alternative names present > *Sent: * Wed, May 23, 2012 4:04:51 AM > > I have created a self signed certificate using JDK keytool and enabled > SSL in Tomcat like this: > > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > clientAuth="false" sslProtocol="TLS" > keystoreFile="d:\pratik\certstore\ssoServer.jks" keyAlias="tomcat" > > keystorePass="pratik" > > /> > > I then exported this certificate and imported the same in JDK’s > security/cacert keystore. But I am still getting the following > exception: I have also attached the full stack trace from tomcat > console after enabling ssl trace. I have set the CN name as 127.0.0.1 > while generating the certificate. > > javax.servlet.ServletException: javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No subject alternative names > present > > > edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254) > > > edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184) > > *root cause* > > javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No subject alternative names > present > > > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) > > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623) > > > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198) > > > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192) > > > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074) > > > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128) > > > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529) > > > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465) > > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) > > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120) > > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147) > > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131) > > > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) > > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) > > > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049) > > > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) > > edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70) > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
