I am trying to connect to a remote server (https:pathtoremotehost) using Spring RestTemplate and am getting a certificate exception. I have added the remote host's certificate to cacerts using the following keytool command, but the error still persists:

```
keytool -importcert -file myapp.cer -alias myapp -keystore "C:\Program Files\Java\jre1.8.0_161\lib\security\cacerts" -storepass changeit
```

Here is my code:

```java
@Autowired
RestTemplate restTemplate;

final String ROOT_URI = "https://<<path to remote host>>";

@Override
public Token generateToken() {
    JSONObject request = new JSONObject();
    try {
        request.put("username", "username");
        request.put("password", "password");
    } catch (JSONException e) {
        e.printStackTrace();
    }
    // set headers
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_JSON);
    HttpEntity<String> entity = new HttpEntity<String>(request.toString(), headers);

    ResponseEntity<Token> loginResponse = restTemplate.exchange(ROOT_URI, HttpMethod.POST, entity, Token.class);
    System.out.println(loginResponse);
    return loginResponse.getBody();
}
```

application.properties

```
server.ssl.trust-store=C:\\Program Files\\Java\\jre1.8.0_161\\lib\\security\\cacerts
server.ssl.key-password=changeit
```

Below is my exception

```
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://<<pathtoremotehost>>/login": java.security.cert.CertificateException: No name matching <<remotehost>> found; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <<remotehost>> found
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:732)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:680)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:600)
    at com.myservice.UserServiceImpl.login(UserServiceImpl.java:88)
    at com.myservice.MyApplication.main(MyApplication.java:23)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <<remotehostname>> found
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:723)
    ... 4 more
Caused by: java.security.cert.CertificateException: No name matching <<remotehost>> found
    at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
    at sun.security.util.HostnameChecker.match(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 19 more
```
user8363477
  • The certificate you received from the server is not a cert for the servername your URL says to connect to. Either you are using the wrong name, or using the right name is reaching the wrong server either by mistake or due to attack, or the right server is using a wrong cert. Find out where you're actually connecting, which may or may not be where you intended to, look at the cert it uses (you can use `keytool -printcert -sslserver $host[:$port]` for that), and if that cert isn't correct, replace it with one that is. – dave_thompson_085 Jul 20 '18 at 21:12
  • Does this answer your question? [CertificateException: No name matching ssl.someUrl.de found](https://stackoverflow.com/questions/3093112/certificateexception-no-name-matching-ssl-someurl-de-found) – Pino Nov 26 '21 at 16:00
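
As an added example (not part of the original post or its comments), the check described in the first comment can also be run offline against the exported certificate file: the program below lists the subject alternative names that Java's hostname check compares the URL host against. The class name `CertNameCheck` and the simplified wildcard rule are assumptions of this example; the certificate file (such as `myapp.cer`) and the host are passed as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

// Added diagnostic; the class name is hypothetical.
// Usage: java CertNameCheck <certificate file> <host from the URL>
public class CertNameCheck {
    // Names the certificate is issued for: SAN entries of type dNSName (2) or iPAddress (7).
    static List<String> sanNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when no SAN extension
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == 2 || type == 7) names.add(String.valueOf(san.get(1)));
            }
        }
        return names;
    }

    // Simplified comparison (assumption): exact match, or "*." covering exactly one left-most label.
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(), p = pattern.toLowerCase();
        if (p.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(p.substring(1));
        }
        return h.equals(p);
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        boolean found = false;
        for (String name : sanNames(cert)) {
            boolean m = matches(args[1], name);
            System.out.println("SAN: " + name + (m ? "  <-- matches" : ""));
            found |= m;
        }
        System.out.println(found ? "Host is covered by a SAN entry"
                : "No SAN entry matches; the subject CN is only consulted when no DNS SAN exists");
    }
}
```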

0 Answers