0

I am trying to hit the url using URLConnection using below code, getting the error as ,

java.io.IOException: HTTPS hostname wrong:  should be <XXXX.XXXX.XXX>
    at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at protocol.URL_Certificate.main(URL_Certificate.java:55)

public class URL_Certificate {
    public static void main(String[] args) {
        String urlPlugin = "https://XXXX.XXXX.XXX/signin";

        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                @Override
                public void checkClientTrusted(final X509Certificate[] chain,
                        final String authType) {
                }

                @Override
                public void checkServerTrusted(final X509Certificate[] chain,
                        final String authType) {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            } };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts,
                    new java.security.SecureRandom());
            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext
                    .getSocketFactory();

            InputStream input;
            BufferedReader br;
            String line = "";

            // All set up, we can get a resource through https now:
            final URLConnection urlCon1 = new URL(urlPlugin).openConnection();
            // Tell the url connection object to use our socket factory which
            // bypasses security checks
            ((HttpsURLConnection) urlCon1)
                    .setSSLSocketFactory(sslSocketFactory);

            input = urlCon1.getInputStream();
            br = new BufferedReader(new InputStreamReader(input));
            line = "";
            while ((line = br.readLine()) != null) {
                // TODO: Need to Remove
                System.out.println(line);

            }
            br.close();
            input.close();

        } catch (final Exception e) {
            e.printStackTrace();
        }
    }
}

I can able to get the response on hitting url in browser, but not able via code.... In above code i have skipped the certificate validation too..

TikTik
  • 347
  • 2
  • 8
  • 22

2 Answers2

0

Maybe the SSL ceriticate has been setup for a subdomain or the other way around?

Is it the right url you're write here:

String urlPlugin = "https://XXXX.XXXX.XXX/signin";
Martin
  • 630
  • 6
  • 17
-3

You might also need to override the hostname verifier:

sslSocketFactory.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
      return true;
    }
};

There is bug in java 1.7 that can generate this error even when you have done everything right. The workaround is to disable the SNI extension with:

"-Djsse.enableSNIExtension=false"
Darin
  • 33
  • 3
  • 2
    That "overrid[ing] the hostname verifier" appears to be turning it off; it reads to me as, "accept any hostname as being the one I'm trying to connect to" Turning off security is not generally the right answer for security problems. – cjs May 17 '17 at 23:31