wsimport from https: [ERROR] java.security.cert.CertificateException: 不存在主题替代名称
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14456789/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
wsimport from https: [ERROR] java.security.cert.CertificateException: No subject alternative names present
提问by kostepanych
I'm trying to generate a webservice client using wsimport from https wsdl:
我正在尝试使用来自 https wsdl 的 wsimport 生成网络服务客户端:
call wsimport -d bin -s src -p mypackage.ws https://x.x.x.x:8181/services/SomeService?wsdl
For solving security errors I added a server's certificate to Java's keystore:
为了解决安全错误,我在 Java 的密钥库中添加了一个服务器证书:
keytool -import -keystore c:\Java\jdk1.6.0_38\jre\lib\security\cacerts -file c:\ca-dev.crt
But when I do wsimport error appears:
但是当我做 wsimport 时出现错误:
[ERROR] java.security.cert.CertificateException: No subject alternative names present
[错误] java.security.cert.CertificateException:不存在主题替代名称
Failed to read the WSDL document: https://x.x.x.x:8181/services/SomeService?wsdl, because 1) could not find the document; /2) the document could not be read; 3) the root element of the document is not .
无法读取 WSDL 文档:https://xxxx:8181/services/SomeService?wsdl,因为 1) 找不到文档;/2) 无法读取文件;3) 文档的根元素不是 。
[ERROR] failed.noservice=Could not find wsdl:service in the provided WSDL(s):
[ERROR] failed.noservice=无法在提供的 WSDL 中找到 wsdl:service:
At least one WSDL with at least one service definition needs to be provided.
需要提供至少一个具有至少一个服务定义的 WSDL。
Failed to parse the WSDL.
SOLVED!Added entry with name same as certificate's CN to hosts file.
解决了!将名称与证书 CN 相同的条目添加到主机文件中。
回答by VGR
An SSL certificate is based on hostnames. Either the certificate's CN must be the hostname you are trying to access, or it must have an optional Subject Alternative Name entry which exactly matches the hostname you are trying to access.
SSL 证书基于主机名。证书的 CN 必须是您尝试访问的主机名,或者它必须具有与您尝试访问的主机名完全匹配的可选主题备用名称条目。
If possible, make sure the hostname in your https URL exactly matches the CN or one of the Subject Alternative Names in the certificate. Many certificates have no Subject Alternative Names, so don't stress if you can't find any when you examine the certificate.
如果可能,请确保您的 https URL 中的主机名与 CN 或证书中的主题备用名称之一完全匹配。许多证书没有主题备用名称,因此如果您在检查证书时找不到任何名称,请不要紧张。
Sometimes referring to the hostname in this manner isn't possible, such as when port 8181 is only accessible inside a LAN and referring to the machine by its full and proper hostname would use an Internet route to reach it. As far as I know, there is no command-line means of disabling certificate checking. One (obviously non-portable) workaround is to add an entry to your hostsfile, which is typically located at %SystemRoot%\system32\drivers\etc\hostsin Windows, so you can refer to the server with the hostname that is in the certificate.
有时以这种方式引用主机名是不可能的,例如当端口 8181 只能在 LAN 内访问并且通过完整和正确的主机名引用机器时,将使用 Internet 路由来访问它。据我所知,没有禁用证书检查的命令行方法。一种(显然不可移植的)解决方法是向您的hosts文件中添加一个条目,该条目通常位于%SystemRoot%\system32\drivers\etc\hostsWindows 中,因此您可以使用证书中的主机名来引用服务器。
