Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Two-way SSL authentication

 
Greenhorn
Posts: 23
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm currently trying to implement a client to connect to an outside restful service with two-way authentication. Testing using the server company's sample client, which uses Apache CXF, works fine and I can send messages. I'm trying to build a more lightweight client than their sample, however, so I don't want to use CXF. However, without using CXF, I'm getting a CertificateException, "No subject alternative names present," which my research indicates usually means there's an issue with the cert. But I know the client and server certs work, since they work in the sample client. And my code uses the same code to build the keystore and the truststore as theirs.

Any ideas as to why I would be getting this error?

My client code is below:

 
Matt Dalen
Greenhorn
Posts: 23
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, I figured it out. It's a problem in the cert; the example code bypassed the CN check and my code didn't, so it worked in the example code.
 
Matt Dalen
Greenhorn
Posts: 23
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Apparently the cert they gave me did not have the URL in the CN field and didn't include a subject alternative names field. For testing purposes, I was able to bypass this by setting a custom Hostname Verifier:

 
author & internet detective
Posts: 40035
809
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Interesting problem/solution. I gave you a cow for sharing it.
 
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic