javax.net.ssl.SSLException: Certificate for <> doesn't match any of the subject alternative names: []

Solution 1

This issue was because our company configured new servers but did not include the DNS names in the server cert. So my company included the server names in the cert. Now it is working.

Solution 2

According to RFC 2818 (the HTTPS specification):

If the hostname is available, the client MUST check it against the server's identity as presented in the server's Certificate message, in order to prevent man-in-the-middle attacks... If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

You should generate a certificate with a SAN extension containing all the hostnames where you're planning to use the certificate:

keytool -genkeypair \
    -keystore server-keystore.pkcs12 \
    -deststoretype pkcs12 \
    -dname "CN=mydomain.local" \
    -keypass changeit \
    -storepass changeit \
    -keyalg RSA \
    -validity 1825 \
    -keysize 4096 \
    -alias mydomain.local \
    -ext SAN=dns:mydomain.local,dns:mydomain.dev,dns:mydomain.test,dns:localhost
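
The identity rule quoted from RFC 2818 in Solution 2, as an added example that is not part of the original answer: it lists the names a client would compare against for the certificate created by the keytool command above and checks a few hostnames against them. The class name SanCheck, the test hostnames and the simplified wildcard handling (only a whole left-most `*` label) are assumptions; the keystore file, password and alias are the ones from the command, and the file is assumed to be in the working directory.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SanCheck { // hypothetical class name
    // Names a client must compare the hostname against per RFC 2818:
    // every dNSName SAN if at least one exists, otherwise the Common Name.
    static List<String> identities(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if no SAN extension
        if (sans != null) {
            for (List<?> san : sans) {
                if ((Integer) san.get(0) == 2) names.add((String) san.get(1)); // 2 = dNSName
            }
        }
        if (names.isEmpty()) { // deprecated fallback to the most specific CN
            String cn = null;
            // getRdns() runs right to left, so the last CN seen is the left-most one
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) cn = rdn.getValue().toString();
            }
            if (cn != null) names.add(cn);
        }
        return names;
    }
    // Case-insensitive comparison; simplification: "*" counts only as the whole left-most label.
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT), h = host.toLowerCase(Locale.ROOT);
        if (p.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(p.substring(1));
        }
        return p.equals(h);
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("server-keystore.pkcs12")) {
            ks.load(in, "changeit".toCharArray()); // file, password and alias from the keytool command
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate("mydomain.local");
        List<String> ids = identities(cert);
        for (String host : new String[] {"mydomain.dev", "localhost", "other.example"}) { // constructed names
            boolean ok = ids.stream().anyMatch(p -> matches(p, host));
            System.out.println(host + " -> " + (ok ? "match" : "NO MATCH") + " against " + ids);
        }
    }
}
```

Running the same `identities` method on the certificate a server actually presents shows whether the name in the request URL is covered before the TLS client rejects it.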
Author by

Rocky4Ever

Updated on July 02, 2022

Comments

  • Rocky4Ever almost 2 years

    When I try to hit the URL using Postman it works fine, by using my personal cert. But when I tried the same using a Rest Assured test case it is throwing the above exception.

    Configuration Class

    public class Configuration {
    
        protected SSLConfig config = null;
        private static final Logger LOG = LoggerFactory.getLogger(Configuration.class);
    
        @SuppressWarnings("deprecation")
        @BeforeClass
        public void setKeystore() {
            KeyStore keyStore = null;
            KeyStore trustStore = null;
            try {
                String certPassword = System.getProperty("certPassword");
                String certPath = System.getProperty("certPath");
    
                String trustStorePassword = System.getProperty("trustStorePassword");
                String trustStorePath = System.getProperty("trustStorePath");
                Validate.notNull(certPath, "Path to Certificate on the file system cannot be null");
                Validate.notEmpty(certPassword, "Password cannot be empty");
                Validate.notNull(trustStorePath, "Path to trustStore on the file system cannot be null");
                Validate.notEmpty(trustStorePassword, "TrustStore Password cannot be empty");
    
                keyStore = KeyStore.getInstance("JKS");
                keyStore.load(new FileInputStream(certPath), certPassword.toCharArray());
                trustStore = KeyStore.getInstance("JKS");
                trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
    
                if (keyStore != null) {
    
                    org.apache.http.conn.ssl.SSLSocketFactory clientAuthFactory = new org.apache.http.conn.ssl.SSLSocketFactory(
                            keyStore, certPassword, trustStore);
                    config = new SSLConfig().with().sslSocketFactory(clientAuthFactory).and().allowAllHostnames();
    
                }
                EnvironmentConstants.getEnvironment();
    
            } catch (Exception e) {
                LOG.error("Error while loading keystore");
                e.printStackTrace();
            }
        }
    
        @BeforeTest
        public Properties loadproperties() {
    
            InputStream input = getClass().getClassLoader().getResourceAsStream("errorMessages.properties");
            Properties properties = new Properties();
            try {
                properties.load(input);
            } catch (IOException e) {
                e.printStackTrace();
            }
            return properties;
        }
    
    }