While calling the client WSDL I am getting this error. I have provided the key/trust store pair but am still getting this error.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.*;

// JVM-wide defaults: these apply to the default SSLContext, not to the one built below.
System.setProperty("javax.net.ssl.trustStore", "path to .jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.ssl.keyStore", "path to .jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
// Re-enables legacy (insecure) TLS renegotiation; it has no effect on hostname verification.
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

// Client key material (private key and certificate chain).
final KeyStore keyStore = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("path to .jks")) {
    keyStore.load(in, "password".toCharArray());
}
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "password".toCharArray());

// Certificates trusted when validating the server's chain.
final KeyStore trustStore = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("path to .jks")) {
    trustStore.load(in, "password".toCharArray());
}
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);

final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

// Open a socket to the server and run the TLS handshake explicitly.
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
final SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket("abc.com", 5580);
sslSocket.startHandshake();
```
G0elAyush
  • What CN (and SANs) does abc.com's certificate specify? – Oliver Charlesworth Aug 07 '16 at 13:51
  • In the certificate it is the same as I have provided in place of abc.com – G0elAyush Aug 07 '16 at 13:58
  • But crucially, is that an IP address or an actual hostname? – Oliver Charlesworth Aug 07 '16 at 14:12
  • Specifically, the exception message you're reporting can only be triggered if you're providing an IP address rather than a hostname (see `HostnameChecker` source), which implies that you're seeing the same problem as this question: http://stackoverflow.com/questions/8443081/how-are-ssl-certificate-server-names-resolved-can-i-add-alternative-names-using – Oliver Charlesworth Aug 07 '16 at 14:20
  • It is a hostname. In the HostnameChecker it checks for paramX509Certificate.getSubjectAlternativeNames(), which is null in this case. So how do I set this value? – G0elAyush Aug 07 '16 at 14:46

0 Answers
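The CN/SAN question raised in the comments above can be checked offline against the server's certificate file. This is an added example, not code from the post or from the JDK; the class `SanCheck`, its method names and the simplified IP-literal test are assumptions, and wildcard SAN entries are not evaluated.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

// Added diagnostic example (not from the original post).
// Usage: java SanCheck <server-cert.pem|.der> <host used in the connection>
public class SanCheck {
    static final int DNS_NAME = 2, IP_ADDRESS = 7;   // GeneralName tags from RFC 5280

    // Collect SAN values of one type; getSubjectAlternativeNames() returns null when the extension is absent.
    static List<String> sans(X509Certificate cert, int type) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> all = cert.getSubjectAlternativeNames();
        if (all == null) return out;
        for (List<?> entry : all) {
            if (((Integer) entry.get(0)) == type) out.add(String.valueOf(entry.get(1)));
        }
        return out;
    }

    // Simplified literal test (assumption): a dotted quad or anything containing ':' is treated as an IP.
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    static String diagnose(X509Certificate cert, String host) throws Exception {
        List<String> dns = sans(cert, DNS_NAME), ips = sans(cert, IP_ADDRESS);
        if (isIpLiteral(host)) {
            // An IP literal is compared with iPAddress SAN entries only; the CN is not used.
            return ips.contains(host) ? "OK: iPAddress SAN matches " + host
                 : "FAIL: no iPAddress SAN for " + host + " (iPAddress SANs: " + ips + ")";
        }
        for (String d : dns) if (d.equalsIgnoreCase(host)) return "OK: dNSName SAN matches " + host;
        return "CHECK: no exact dNSName SAN for " + host + " (dNSName SANs: " + dns
             + ", subject: " + cert.getSubjectX500Principal().getName() + ")";
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(diagnose(cert, args[1]));
        }
    }
}
```

A `FAIL` result for an IP literal means the certificate has to be reissued with an iPAddress SAN, or the client has to connect by a name the certificate lists; the SAN extension is part of the signed certificate and cannot be set from client code.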