2014-11-04 22:07 GMT+01:00 Cole Ferrier <[email protected]>:
> We have the correct certificate authorities registered in the java
> certificate store, so it should be able to validate the cert chain without
> a problem. There is a different error if that isn't correct.
>
> Or I'm not sure what you're asking by "And why ? where is the server
> certificate stored ?"

It's only that I didn't know it.
I guess that you have imported the server certificate into the same certificate store.

My question is why your Java standalone program works.
Have you changed HttpsURLConnection's default hostname verifier?
Or does HttpsURLConnection check the hostname against Subject and Subject Alternate Names?

> On Tue, Nov 4, 2014 at 12:17 PM, Jose María Zaragoza <[email protected]>
> wrote:
>
>> 2014-11-04 16:56 GMT+01:00 Cole Ferrier <[email protected]>:
>> > Having a little bit of trouble with a client web service due to a server
>> > now having a certificate where its name is only in Subject Alternate Names.
>> >
>> > At first we were getting an error that was out of CXF and it said to set
>> > "disableCNCheck" to true, however we don't want to disable alternate names.
>> >
>> > Then I tried a simple test:
>> >
>> > url = new URL(https_url);
>> > HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
>> >
>> > and java 7 was able to connect to the url and download content from it.
>> > (it didn't throw off any errors).
>>
>> And why ? where is the server certificate stored ?
>>
>> > So then we set useHttpsURLConnectionDefaultSslSocketFactory and
>> > useHttpsURLConnectionDefaultHostnameVerifier to true to try to use the
>> > Java versions.
>> >
>> > javax.xml.ws.WebServiceException: Could not send Message.
>> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
>> >     at com.sun.proxy.$Proxy50.callback(Unknown Source)
>> >     ..... (Code that called started the web service call)
>> > Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://xxxxxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxxxx: java.security.cert.CertificateException: No subject alternative DNS name matching xxxxxxxxxxxxxxxxxxxxxxx found.
>> >     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> >     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>> >     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> >     at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
>> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1334)
>> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
>> >     at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>> >     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >     at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>> >     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >     ... 5 more
>> > Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching xxxxxxxxxxxxxxxx found.
>> >     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> >     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
>> >     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> >     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> >     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
>> >     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
>> >     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> >     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> >     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> >     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
>> >     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> >     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> >     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
>> >     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>> >     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
>> >     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
>> >     at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>> >     at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >     at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>> >     at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>> >     ... 15 more
>> > Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching xxxxxxxxxxxxxxxxx found.
>> >     at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:191)
>> >     at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
>> >     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
>> >     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
>> >     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>> >     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
>> >     ... 33 more
>> >
>> >
>> > Any ideas why a basic URL connection works, but CXF while set to use the
>> > Java defaults doesn't?
>> >
>> >
>> > Thanks.
>> >
>> > Cole
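
The "No subject alternative DNS name matching ... found" error in the trace above comes from a hostname check against the certificate's SAN entries. As an added example (not part of the thread, and not JDK or CXF source), the sketch below is a simplified rendering of the RFC 2818 rule that the subject CN is consulted only when the certificate carries no dNSName entries; the class name, helper names and all hostnames are constructed placeholders.

```java
import java.util.*;

// Added illustration of RFC 2818 section 3.1 name matching; not JDK or CXF source.
public class SanCheck {
    static final int DNS_NAME = 2; // GeneralName type code used by getSubjectAlternativeNames()

    // Extract dNSName entries from the structure that
    // X509Certificate.getSubjectAlternativeNames() returns: [Integer type, Object value].
    static List<String> dnsNames(Collection<List<?>> sans) {
        List<String> out = new ArrayList<>();
        if (sans == null) return out; // certificate has no SAN extension
        for (List<?> e : sans)
            if (((Integer) e.get(0)) == DNS_NAME) out.add((String) e.get(1));
        return out;
    }

    // Wildcard covers the left-most label only:
    // "*.api.example.test" matches "v1.api.example.test", not "a.v1.api.example.test".
    static boolean matches(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1));
    }

    // If any dNSName is present, the subject CN is never consulted.
    static String verify(String host, Collection<List<?>> sans, String subjectCn) {
        List<String> names = dnsNames(sans);
        if (names.isEmpty())
            return matches(host, subjectCn) ? "OK (CN fallback)" : "FAIL: CN mismatch";
        for (String n : names)
            if (matches(host, n)) return "OK (SAN " + n + ")";
        return "FAIL: no subject alternative DNS name matching " + host;
    }

    public static void main(String[] args) {
        // Constructed sample data in the shape getSubjectAlternativeNames() returns.
        Collection<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.<Object>asList(DNS_NAME, "svc.example.test"));
        sans.add(Arrays.<Object>asList(DNS_NAME, "*.api.example.test"));
        String cn = "legacy.example.test"; // constructed subject CN

        System.out.println(verify("svc.example.test", sans, cn));    // listed in SAN
        System.out.println(verify("v1.api.example.test", sans, cn)); // wildcard SAN
        System.out.println(verify("legacy.example.test", sans, cn)); // CN matches, SAN does not
        System.out.println(verify("legacy.example.test", null, cn)); // no SAN extension at all
    }
}
```

The third call fails even though the hostname equals the CN, which is the situation to rule out first when this error appears: compare the exact host in the endpoint URL with the dNSName entries the server certificate actually carries.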
