使用HttpClient攜帶pfx證書通過Https協議發送SOUP報文調用WebService接口時報如下錯誤:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP地址> doesn't match any of the subject alternative names: [域名] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at vodafone.KeystoreUtil.main(KeystoreUtil.java:76)
問題分析:
頒發的證書是給制定域名的而非IP地址,因為服務器沒有加入Public DNS,所以域名無法訪問,我在調用接口時直接使用了IP地址,而不是域名。
問題解決:
在hosts配置文件中添加IP地址和域名的映射記錄,在調用接口時使用域名進行調用,發現問題解決。