如果使用HTTPClient工具时,请求的域名和颁发证书时的域名不一样时会提示:
javax.net.ssl.SSLPeerUnverifiedException: Host name 'XXX.com' does not match the certificate subject provided by the peer (CN=*.XXX.com)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
这个问题,我们只需要在构建SSLConnectionSocketFactory
时忽略一下证书就可以了。
private static SSLConnectionSocketFactory createSSLConnSocketFactory() {
SSLContext sslContext = null;
SSLConnectionSocketFactory sslFactory = null;
try {
sslContext = org.apache.http.ssl.SSLContextBuilder.create().loadTrustMaterial(null, new TrustStrategy() {
// 信任所有证书
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
}).build();
} catch (Exception e) {
logger.error("创建SSL工程异常", e);
}
sslFactory = new SSLConnectionSocketFactory(sslContext);
return sslFactory;
}
创建HttpClient时使用
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(createSSLConnSocketFactory()).build()