1、No subject alternative names present
2、PKIX path building failed
3、unable to find valid certification path to requested target
一般来说以上错误都和https的证书验证有关,有时候在windows会报错,有时候在windows正常,但到了服务器才会报错。
解决:
1、正规途径解决
(1)浏览器访问https网站,导出证书,然后再导入到服务器。
(2)请求前加以下代码:
System.setProperty("javax.net.ssl.trustStore", "D:\\ProgramFiles\\Java\\jdk1.6.0_31\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
//发起https请求
由于现实开发环境可能相当复杂,该方法有时会很难执行下去。
2、绕过证书验证
private static SSLSocketFactory createSSLSocketFactory() throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = {new X509TrustManager(){
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return;
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
return sc.getSocketFactory();
}
//发起请求前加入以下代码
HttpsURLConnection.setDefaultHostnameVerifier((hostname, sslsession) -> true);
HttpsURLConnection.setDefaultSSLSocketFactory(createSSLSocketFactory());
//发起你的https请求。
该方法在做webservice时帮助解决了问题,亲测可行。