java.security.cert.CertificateException: No name matching (HTTPS certificate verification fails)

Source: Internet  Editor: 程序博客网  Time: 2024/05/21 18:35

1. Error message

java.security.cert.CertificateException: No name matching api.weibo.com found; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching api.weibo.com found

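Cause: we call api.weibo.com over HTTPS. Normally the api.weibo.com certificate would be used, but for certain reasons we can only use our own certificate, so certificate validation fails with this error.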

Solution: skip certificate validation for both the server and the client. Java provides the relevant classes.

2. Implementation

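Override TrustManager's checkClientTrusted (checks trust in the client certificate) and checkServerTrusted (checks trust in the server certificate), together with HostnameVerifier's verify method, to cancel all validation of the certificate.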

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.net.ssl.*;
import java.io.IOException;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public final class DisableSSLCertificateCheckUtil {

    private static final Logger LOGGER = LoggerFactory.getLogger(DisableSSLCertificateCheckUtil.class);

    /**
     * Prevent instantiation of utility class.
     */
    private DisableSSLCertificateCheckUtil() {

    }

    /**
     * Disable trust checks for SSL connections.
     */
    public static void disableChecks() {
        try {
            new URL("https://0.0.0.0/").getContent();
        } catch (IOException e) {
            // This invocation will always fail, but it will register the
            // default SSL provider to the URL class.
        }
        try {
            SSLContext sslc;
            sslc = SSLContext.getInstance("TLS");
            // Trust manager whose checks are empty: every certificate chain is accepted.
            TrustManager[] trustManagerArray = {new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            sslc.init(null, trustManagerArray, null);
            // Both setters below replace static defaults shared by every HttpsURLConnection in the JVM.
            HttpsURLConnection.setDefaultSSLSocketFactory(sslc.getSocketFactory());
            // Hostname verifier that accepts any host name.
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String s, SSLSession sslSession) {
                    return true;
                }
            });
        } catch (Exception e) {
            // Pass the exception as the last argument so SLF4J logs the stack trace.
            LOGGER.error("error msg: {}", e.getMessage(), e);
            throw new IllegalArgumentException("证书校验异常!", e);
        }
    }
}

Usage:

DisableSSLCertificateCheckUtil.disableChecks();

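Scope of impact: this affects certificate validation across the entire Tomcat instance, because setDefaultSSLSocketFactory and setDefaultHostnameVerifier replace static defaults shared by every HttpsURLConnection in the JVM. Other projects running in the same Tomcat therefore also skip certificate validation, even though they never execute this code.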

Duration: the change remains in effect for all time after this code has run.
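
A narrower alternative to the global override above, as an added example that is not part of the original post: trust only our own certificate, and only on the one connection that needs it, so the JVM-wide defaults and the other Tomcat applications are left untouched. The class name `PinnedCertificateClient`, the method names, and the parameters `certPath` and `expectedHost` are hypothetical; the example assumes our own certificate is available as a PEM or DER file.

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical helper (added example, not from the original post).
public final class PinnedCertificateClient {

    // certPath: PEM or DER file holding our own certificate (assumed to be available).
    private static X509Certificate load(Path certPath) throws Exception {
        try (InputStream in = Files.newInputStream(certPath)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static HttpsURLConnection open(URL url, Path certPath, String expectedHost) throws Exception {
        X509Certificate pinned = load(certPath);

        // Trust store that contains only our own certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("own-cert", pinned);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory()); // this connection only
        // Consulted on a name mismatch: accept only the expected host presenting exactly our certificate.
        conn.setHostnameVerifier((host, session) -> {
            try {
                return expectedHost.equalsIgnoreCase(host)
                        && pinned.equals(session.getPeerCertificates()[0]);
            } catch (SSLPeerUnverifiedException e) {
                return false;
            }
        });
        return conn;
    }
}
```

Any other certificate, or any other host name, still fails the handshake on this connection, and connections opened elsewhere in the JVM keep the default validation.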

Original article: http://www.importnew.com/24192.html
