Failed to access the WSDL. It failed with: java.security.cert.CertificateException: No subject alternative names present

Question

Failed to access the WSDL. It failed with: java.security.cert.CertificateException: No subject alternative names present

Navigation

#1 by (2 votes)

1

I have started working with Web Services and trying to consume one for telephony provided by Avaya from a web application that I am creating in Netbeans. The code in the application is simply for a login:

HTML code

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Inicio Sesi&oacute;n</title>
</head>
<body>
    <form id="login-form" class="login-form" action="index_proceso.jsp" method="post" autocomplete="off">
        <div>
            <input type="text" placeholder="Usuario" id="usuario" required name="usuario" autocomplete="off" >
        </div>                        
        <div>
            <input type="password" class="user-password" placeholder="Contraseña"required name="contrasena" autocomplete="off" >
        </div>                        
        <input id="login-submit" type="submit" class="submit" value="Ingresar"/>
    </form>
</body>

Java code from a JSP

These are the actions that will be carried out when you press the button for the login. This is where I send to call the "createSession" method provided by the Web Service that I am trying to consume, this method returns a token or string type identifier if the user's data (username and password) are correct. So the only thing I'm asking now is for you to return and print that token.

<jsp:useBean id="valida" scope="request" class="control.Control" />

<%
String usuario = request.getParameter("usuario");
String contrasena = request.getParameter("contrasena");

System.out.println("DATOS: " + usuario + " " + contrasena);

String resultado = "";
try{
    resultado = valida.createSession(usuario,contrasena);
}catch(Exception ex){
    System.out.println(ex.getMessage());

}

System.out.println("TOKEN " + resultado); 
%>

Java class where the createSession method is imported

package control;

import webservices.GenericException;
import webservices.InvalidCredentialsException;


public class Control {

public static String createSession(java.lang.String loginName, java.lang.String password) throws InvalidCredentialsException, GenericException {
    webservices.Directory_Service service = new webservices.Directory_Service();
    webservices.Directory port = service.getDirectory();
    return port.createSession(loginName, password);
}
}

The problem I have is that pressing the Enter button sends me the following error.

Failed to access the WSDL at: link . It failed with: java.security.cert.CertificateException: No subject alternative names present.

I've been investigating how to solve that error but I have not succeeded. I do not know if this error is due to some certificate or because I am doing badly the consumption of the web service. The functions and classes were downloaded correctly but when trying to use them I get the error mentioned above.

I hope you can help me understand the cause of this error and how to solve it.

java webservice jax-rs wsdl

asked by Nancy 18.12.2018 в 19:44

source

1 answer

Error comparing the name of two contacts in an arraylist agenda_telefono Sql Server Update Column from another table

score 2 · Answer 1

In principle the cause related to the message is that the server X.XXX.X.XXX is presenting a certificate (X509) that has not declared the name of the host in the extension SAN (Subject Alternative Name).

This section of the certificate lists the valid names that the server can have (and that are used to contrast with the name entered in the URL during the TLS handshake).

Traditionally, this control was done against the field CN (Common name), but in reality, the section SAN , is the correct place where verification should be done, and this has lately begun to be controlled in a more strict way .

To corroborate that this is the problem you can use openssl to download the certificate and review it.

echo | openssl s_client -showcerts -servername X.XXX.X.XXX -connect X.XXX.X.XXX:XXXXX 2>/dev/null | openssl x509 -inform pem -noout -text

(Be careful, in the -connect the port is also included)

For example, this is the SAN section running the command for google.com:443

X509v3 Subject Alternative Name:
                DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com,  etc ... (muchos más)

I took the command from this place

If this is the problem, the correct thing would be for the certificate to be replaced with a valid one, that is, to have the name of the host included in SAN .

EDITION I

Although the de facto solution is opnessl , I found that you can also see the remote certificate using keytool that comes with the java installation.

keytool -printcert -sslserver <host>:<puerto>