How to fix javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
Introduction
```
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
```
Cause of error
We get the above error because the CN (Common Name) defined in your certificate does not match the domain the application is running on.
For example, the certificate defines the CN as www.example.com, but you are running the application at a URL such as http://localhost:8080/api
How to fix the above error
There are 2 easy ways to fix the above error
Use this command to check which CN is defined in your certificate:

```
keytool -printcert -v -file certificate.crt
# Where certificate.crt is the name of your certificate
```
You should get some response like this
```
Owner: EMAILADDRESS=postmaster@example.com, CN=www.mydomain.com, OU=organisation, O=my group, L=edinburgh, ST=edinburgh, C=gb
Issuer: EMAILADDRESS=postmaster@example.com, CN=www.mydomain.comm, OU=organisation, O= my group, L=edinburgh, ST=edinburgh, C=gb
Serial number: dcc3d4ffe7a016f2
Valid from: Tue Jun 26 12:41:05 BST 2018 until: Wed Jun 26 12:41:05 BST 2019
Certificate fingerprints:
	 MD5: 32:FE:3A:35:D6:7F:C0:4A:0D:95:99:10:9A:71:1D:DC
	 SHA1: 10:FF:59:F0:72:83:40:B8:5D:6C:D1:64:33:90:22:17:2B:0E:37:A0
	 SHA256: C3:1D:34:BA:9D:C4:00:66:9E:C8:91:29:1B:0B:96:5F:D2:00:17:95:DB:72:6E:2C:7B:1E:9B:20:5E:08:1F:60
Signature algorithm name: SHA256withRSA
```
Pay close attention to the first line of the output above, CN=www.mydomain.com. If you are running the application on that domain, you should not encounter the error.
To fix the error, use one of the approaches below:
- Run the application on the same domain as the CN defined in your certificate.
OR
- Along with the CN, you can add Subject Alternative Names (SANs) to your certificate, which is like adding more than one domain to the certificate. Link below describes the process of adding multiple domains (subject-alt-name) to a JKS file and also to a certificate.
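
The second approach as an added example (not from the original post): keytool's `-ext` option writes the SAN entries when the key pair is generated, and two helper functions read them back from `keytool -printcert -v` output. The alias, password, file names and host names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The alias "server", the password
# "changeit", the file names and the host names are constructed placeholders.

# make_san_cert DIR CN SAN_LIST
# Creates DIR/keystore.jks with a self-signed key pair and exports
# DIR/certificate.crt. SAN_LIST uses keytool's -ext syntax, for example
# "dns:www.example.com,dns:localhost,ip:127.0.0.1".
make_san_cert() {
  keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$2" -ext "SAN=$3" \
    -keystore "$1/keystore.jks" -storepass changeit -keypass changeit &&
  keytool -exportcert -rfc -alias server -keystore "$1/keystore.jks" \
    -storepass changeit -file "$1/certificate.crt"
}

# san_entries: reads `keytool -printcert -v` output on stdin and prints the
# value of each DNSName / IPAddress entry, one per line.
san_entries() {
  sed -n -e 's/^[[:space:]]*DNSName:[[:space:]]*//p' \
         -e 's/^[[:space:]]*IPAddress:[[:space:]]*//p'
}

# cert_lists_host CERT HOST
# Succeeds only if HOST appears verbatim (case-insensitive) among the SAN
# entries of CERT. Wildcard entries such as *.example.com are not expanded.
cert_lists_host() {
  keytool -printcert -v -file "$1" | san_entries | grep -qixF -- "$2"
}

# Usage:
#   make_san_cert . www.example.com "dns:www.example.com,dns:localhost,ip:127.0.0.1"
#   cert_lists_host certificate.crt localhost && echo "localhost is covered"
```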
Hi, it’s been three days since I got to know about this site. And I’m absolutely loving all the solutions.
Major thanks! Please keep posting.