Skip to main content

How to fix javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

How to fix javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

Introduction

In this article, we will focus on how to resolve the SSLHandshakeException and possible cause behind it. If you are getting below error, let’s find out how to resolve it.

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names presentat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)

Cause of error

SSL Handshake Exception

The reason, we get above error is that CN(Common name) defined in your certificate is not matching with the domain the application is running on.
For e.g, In your certificate, the CN name is defined as www.example.com but you may be running the application say a URL which is like http://localhost:8080/api

How to fix the above error

There are 2 easy ways to fix the above error

Use this Command to check what is the CN name defined in your certificate

You should get some response like this

Pay close attention to the first line in above output CN=www.mydomain.com, if you are running the application from the above domain, you should not encounter the above error.

So to fix the above error simply use one of the below approaches

  • Run the application on the same ‘CN’, as defined in your certificates.

OR

  • Along with CN name you can add Subject alt names in your certificate, which is like adding more than one domain in the certificate. Link below describes the process of adding multiple domains(subject-alt-name) to jks file and also to a certificate.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Bitnami