使用HttpClient携带pfx证书通过Https协议发送SOUP报文调用WebService接口时报如下错误:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP地址> doesn't match any of the subject alternative names: [域名] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at vodafone.KeystoreUtil.main(KeystoreUtil.java:76)
问题分析:
颁发的证书是给制定域名的而非IP地址,因为服务器没有加入Public DNS,所以域名无法访问,我在调用接口时直接使用了IP地址,而不是域名。
问题解决:
在hosts配置文件中添加IP地址和域名的映射记录,在调用接口时使用域名进行调用,发现问题解决。