Certificate for ＜xx.xxx.xxx.xxx＞ doesn‘t match any of the subject alternative names: [xx.xxxx.xxxx.

Posted 2022-11-24 Biexiansheng

1、 用HttpClient发送Https请求报SSLException: Certificate for <域名> doesn't match any of the subject alternative names问题的解决，报错，如下所示：

 1 javax.net.ssl.SSLPeerUnverifiedException:  Certificate for <xx.xxx.xxx.xxx> doesn't match any of the subject alternative names: [xx.xxxx.xxxx.com]
 2     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
 3     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
 4     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
 5     at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
 6     at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
 7     at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
 8     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
 9     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
10     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
11     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
12     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
13     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
14     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)

2、使用Apache HttpClient做https的Post请求，调用代码就报上面的错误。

　　可以参考链接：java - javax.net.ssl.SSLException: Certificate doesn't match any of the subject alternative names - Stack Overflow

　　代码参考，需要特别注意的是SSLContexts引入的httpcore-4.4.14.jar包，如下所示：

 1 package com.xxx.main.httpclient;
 2 
 3 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 4 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 5 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 6 import org.apache.http.impl.client.CloseableHttpClient;
 7 import org.apache.http.impl.client.HttpClients;
 8 import org.apache.http.ssl.SSLContexts;
 9 
10 public class HttpClientMain 
11 
12 
13     public static void testShared(String catalogId, String appKey, String secret) throws Exception 
14         CloseableHttpClient httpClient = null;
15 
16         // 解决httpClient发送https错误的问题
17         SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
18                 SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
19                 NoopHostnameVerifier.INSTANCE);
20         httpClient = HttpClients.custom().setSSLSocketFactory(scsf).build();
21         
22         // .......
23 
24     
25 
26 
27