堆栈跟踪为:
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[na:1.8.0_65]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200) ~[na:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_65]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_65]
解决方案为:your certificate should include that ip value as a subject alternative name value (of type IPAddress : key=7).但是,当我生成证书时,我如何将ip值作为使用者替代名称值包括在内?
我会尝试使用opessl。检查这个网址,你会发现你需要什么。opensslSAN。
看看这部分:文本:
"因此,通过使用通过命令行编写的OpenSSL主题的通用语法,您需要指定以上所有内容(OU是可选的),并添加另一个名为subjectAltName=的部分。通过在subjectAltName字段下添加DNS.n(其中n是一个序列号)条目,您可以添加任意数量的其他"备用名称",即使与主域无关。显然,一级父域将被大多数SSL产品覆盖,除非另有规定。因此,这里有一个生成证书的示例"
openssl req -new -key endpoint.com.key -sha256 -nodes -subj '/C=US/ST=New York/L=New York/O=End Point/OU=Hosting Team/CN=www.endpoint.com/ emailAddress=administrative-not-existent-address@our-awesome-domain.com/ subjectAltName=DNS.1=endpoint.com' > www.endpoint.com.csr