Hello,

I configured an OpenXPKI server with EST support. I am trying to check
things through a CA connector tool. The Get CA Certificate and Signed
Certificate options were successful. But whenever I try the option "Get
Certificate Revocation List [CRL] - Against Last Issued Certificate", it is
unsuccessful, with an error message relating to the absence of Subject
Alternative Names which would match the IP address. I have attached the error
logs. Kindly help.

Additional info: I replaced the IP address with "**I deleted the ip
address**"

Regards,
Bedanta
Select Workflow :

1. Get CA Certificate
2. Get Signed Certificate - CSR Generated By CA-Connector
3. Get Signed Certificate - CSR Generated By CA-Connector TestApp
4. Get Last Pending Certificate
5. Get Certificate Revocation List [CRL] - Against Last Issued Certificate
6. Enumerate All CES server URLs for MSCEWS protocol
7. Enumerate templates from CA Server for MSCEWS protocol
8. Start Over
E. Exit
5
Selected Option : 5

-----------------------------------------
Fetching CRL :

Fetching Issuer Info From Last Issued Certificate :
CN=MYOPENXPKI_ISSUINGCA, DC=CA-ONE, DC=INDIADEV, DC=LEXMARK, DC=COM

Fetching Serial Number From Last Issued Certificate :
382509159800374554752224

Fetching CRL From Certificate Authority...
[ERROR] 2022-05-13 16:25:41.387 [main] CaESTClient - Exception occured :
com.lexmark.dm.mve.ca.cewsc.SoapMsgTransportException: 
javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP 
address "**I deleted the ip address**" found
        at 
com.lexmark.dm.mve.ca.cewsc.SoapMsgTransport.getFile(SoapMsgTransport.java:250) 
~[certificate-authority-connector-next-SNAPSHOT.jar:next]
        at com.lexmark.dm.mve.ca.cewsc.CewsClient.getCRL(CewsClient.java:535) 
~[certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
com.lexmark.dm.mve.ca.cewsc.CewsClient.getRevocationList(CewsClient.java:268) 
~[certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
com.lexmark.dm.mve.ca.connector.CaESTClient.getCRL(CaESTClient.java:224) 
[certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
com.lexmark.dm.mve.ca.connector.CertificateAuthorityConnectorImpl.getRevocationList(CertificateAuthorityConnectorImpl.java:220)
 [certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
ca.connector.testapp.CertRevocationListFetcher.getCRLAgainstLastIssedCert(CertRevocationListFetcher.java:75)
 [certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
ca.connector.testapp.TestAppWorkflowMgr.getCRLAgainstLastIssedCert(TestAppWorkflowMgr.java:427)
 [certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
ca.connector.testapp.TestAppWorkflowMgr.testAppWorkflowExecutor(TestAppWorkflowMgr.java:150)
 [certificate-authority-connector-next-SNAPSHOT.jar:next]
        at 
ca.connector.testapp.CaConnectorTestApp.main(CaConnectorTestApp.java:29) 
[certificate-authority-connector-next-SNAPSHOT.jar:next]
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names 
matching IP address 10.195.10.177 found
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) 
~[?:1.8.0_332]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:348) 
~[?:1.8.0_332]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:291) 
~[?:1.8.0_332]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:286) 
~[?:1.8.0_332]
        at 
sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
 ~[?:1.8.0_332]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) 
~[?:1.8.0_332]
        at 
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) 
~[?:1.8.0_332]
        at 
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) 
~[?:1.8.0_332]
        at 
sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) 
~[?:1.8.0_332]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:156) 
~[?:1.8.0_332]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1423) 
~[?:1.8.0_332]
        at 
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1329) 
~[?:1.8.0_332]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:444) 
~[?:1.8.0_332]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:415) 
~[?:1.8.0_332]
        at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) 
~[?:1.8.0_332]
        at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
 ~[?:1.8.0_332]
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1577)
 ~[?:1.8.0_332]
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1505)
 ~[?:1.8.0_332]
        at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
 ~[?:1.8.0_332]
        at 
com.lexmark.dm.mve.ca.cewsc.SoapMsgTransport.getFile(SoapMsgTransport.java:237) 
~[certificate-authority-connector-next-SNAPSHOT.jar:next]
        ... 8 more
Caused by: java.security.cert.CertificateException: No subject alternative 
names matching IP address 10.195.10.177 found
        at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:183) 
~[?:1.8.0_332]
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:104) 
~[?:1.8.0_332]
        at 
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:457)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:431)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
 ~[?:1.8.0_332]
        at 
sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
 ~[?:1.8.0_332]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) 
~[?:1.8.0_332]
        at 
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) 
~[?:1.8.0_332]
        at 
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) 
~[?:1.8.0_332]
        at 
sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) 
~[?:1.8.0_332]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:156) 
~[?:1.8.0_332]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1423) 
~[?:1.8.0_332]
        at 
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1329) 
~[?:1.8.0_332]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:444) 
~[?:1.8.0_332]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:415) 
~[?:1.8.0_332]
        at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) 
~[?:1.8.0_332]
        at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
 ~[?:1.8.0_332]
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1577)
 ~[?:1.8.0_332]
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1505)
 ~[?:1.8.0_332]
        at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
 ~[?:1.8.0_332]
        at 
com.lexmark.dm.mve.ca.cewsc.SoapMsgTransport.getFile(SoapMsgTransport.java:237) 
~[certificate-authority-connector-next-SNAPSHOT.jar:next]
        ... 8 more
Exception Occured!
Reason For Exception : com.lexmark.dm.mve.ca.cewsc.SoapMsgTransportException: 
javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP 
address "**I deleted the ip address**" found
-----------------------------------------

-----------------------------------------
Select Workflow :

1. Get CA Certificate
2. Get Signed Certificate - CSR Generated By CA-Connector
3. Get Signed Certificate - CSR Generated By CA-Connector TestApp
4. Get Last Pending Certificate
5. Get Certificate Revocation List [CRL] - Against Last Issued Certificate
6. Enumerate All CES server URLs for MSCEWS protocol
7. Enumerate templates from CA Server for MSCEWS protocol
8. Start Over
E. Exit
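
An added example, not from the original post or from the Java runtime: a Python model of the identity rule behind the `HostnameChecker.matchIP` frame in the trace, where a client that connects to an IP literal accepts only an iPAddress SAN entry. The certificates are constructed `getpeercert()`-style dicts, and `check_identity`, the host name `pki.example.test` and the address 192.0.2.10 are assumptions.

```python
import ipaddress

# Constructed peer certificates in the dict layout returned by
# ssl.SSLSocket.getpeercert(); names and addresses are placeholders.
NO_SAN = {"subject": ((("commonName", "192.0.2.10"),),)}
DNS_ONLY = {"subject": ((("commonName", "192.0.2.10"),),),
            "subjectAltName": (("DNS", "pki.example.test"),)}
DNS_AND_IP = {"subject": ((("commonName", "pki.example.test"),),),
              "subjectAltName": (("DNS", "pki.example.test"),
                                 ("IP Address", "192.0.2.10"))}


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_identity(cert, target):
    """Return (ok, reason) for a client that connects to `target`."""
    sans = cert.get("subjectAltName", ())
    want_ip = _as_ip(target)
    if want_ip is not None:
        # IP-literal target: only iPAddress SAN entries count. The subject CN
        # and dNSName entries are never consulted on this path.
        if not sans:
            return False, "No subject alternative names present"
        for kind, value in sans:
            if kind == "IP Address" and _as_ip(value) == want_ip:
                return True, "matched iPAddress SAN " + value
        return False, ("No subject alternative names matching IP address "
                       + target + " found")
    # Hostname target: exact, case-insensitive dNSName match
    # (wildcard matching is not modelled here).
    for kind, value in sans:
        if kind == "DNS" and value.lower() == target.lower():
            return True, "matched dNSName SAN " + value
    return False, "no dNSName SAN matches " + target


if __name__ == "__main__":
    for name, cert in (("NO_SAN", NO_SAN), ("DNS_ONLY", DNS_ONLY),
                       ("DNS_AND_IP", DNS_AND_IP)):
        for target in ("192.0.2.10", "pki.example.test"):
            print(name, target, check_identity(cert, target))
```

In this model the "matching IP address ... found" wording is returned only when the certificate carries SAN entries but none is an iPAddress equal to the address in the URL; the same certificate passes when the client uses a host name that appears as a dNSName entry.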