sslSSLPeerUnverifiedException_Hostname_1921681313_not_verified_0">javax.net.ssl.SSLPeerUnverifiedException: Hostname 192.168.13.13 not verified:
前言:
之前需求推送数据是采用http:192.168.13.13:8000 后面业务需求修改为
https:192.168.13.13:443
修改后推送数据到第三方报以下异常,
https://192.168.13.13:443/xxx/xxx/datapaaapi/planwork/api/xxx/xxx/inputRet报以下异常
javax.net.ssl.SSLPeerUnverifiedException: Hostname 192.168.13.13 not verified:
certificate: sha256/KOCrAFFGwfP/6ZUw1OJHLJLDJLDSAV7qxmUv6HEh2mKUrTs0=
DN: CN=.dfdsdcom.com.cn, O=中国xxxx有限公司浙江分公司, L=杭州市, ST=浙江省, C=CN
subjectAltNames: [.dfdsdcom.com.cn, zjtelecom.com.cn]
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:389)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
at okhttp3.internal.connection.RealCall.initExchange o k h t t p ( R e a l C a l l . k t : 255 ) a t o k h t t p 3. i n t e r n a l . c o n n e c t i o n . C o n n e c t I n t e r c e p t o r . i n t e r c e p t ( C o n n e c t I n t e r c e p t o r . k t : 32 ) a t o k h t t p 3. i n t e r n a l . h t t p . R e a l I n t e r c e p t o r C h a i n . p r o c e e d ( R e a l I n t e r c e p t o r C h a i n . k t : 109 ) a t o k h t t p 3. i n t e r n a l . c a c h e . C a c h e I n t e r c e p t o r . i n t e r c e p t ( C a c h e I n t e r c e p t o r . k t : 95 ) a t o k h t t p 3. i n t e r n a l . h t t p . R e a l I n t e r c e p t o r C h a i n . p r o c e e d ( R e a l I n t e r c e p t o r C h a i n . k t : 109 ) a t o k h t t p 3. i n t e r n a l . h t t p . B r i d g e I n t e r c e p t o r . i n t e r c e p t ( B r i d g e I n t e r c e p t o r . k t : 83 ) a t o k h t t p 3. i n t e r n a l . h t t p . R e a l I n t e r c e p t o r C h a i n . p r o c e e d ( R e a l I n t e r c e p t o r C h a i n . k t : 109 ) a t o k h t t p 3. i n t e r n a l . h t t p . R e t r y A n d F o l l o w U p I n t e r c e p t o r . i n t e r c e p t ( R e t r y A n d F o l l o w U p I n t e r c e p t o r . k t : 76 ) a t o k h t t p 3. i n t e r n a l . h t t p . R e a l I n t e r c e p t o r C h a i n . p r o c e e d ( R e a l I n t e r c e p t o r C h a i n . k t : 109 ) a t o k h t t p 3. i n t e r n a l . c o n n e c t i o n . R e a l C a l l . g e t R e s p o n s e W i t h I n t e r c e p t o r C h a i n okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain okhttp(RealCall.kt:255)atokhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)atokhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)atokhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)atokhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)atokhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)atokhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)atokhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)atokhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)atokhttp3.internal.connection.RealCall.getResponseWithInterceptorChainokhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at com.xxx.xxx.utils.PushInspectionStatisticsUtils.pushTaskInventoryFormWorkPlan(PushInspectionStatisticsUtils.java:39)
at
错误大概意思是:
遇到的问题是由于SSL证书验证失败,具体错误信息是 javax.net.ssl.SSLPeerUnverifiedException: Hostname 192.168.13.13 not verified。这是因为HTTPS请求需要验证服务器的SSL证书,并且检查服务器的主机名与证书中的主机名是否匹配。在你的情况中,证书的 subjectAltNames 中并没有包含你访问的 192.168.13.13 IP 地址,而是包含了 .dfdsdcom.com.cn 和 dfdsdcom.com.cn。
代码如下:
package com.xxx.xx.xx.utils;import com.alibaba.fastjson.JSON;
import com.xx.xx.xx.entity.bo.MajorBo;
import com.xx.xx.xx.entity.bo.xxx;
import lombok.extern.slf4j.Slf4j;
import okhttp3.*;
import org.springframework.util.CollectionUtils;import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;/*** @author laoxu*/
@Slf4j
public class PushInspectionStatisticsUtils {public static PushInventoryResponseBo pushTaskInventoryFormWorkPlan(MajorBo majorBo) {PushInventoryResponseBo responseBo = new PushInventoryResponseBo ();// 1.创建okhttpClientOkHttpClient client = new OkHttpClient();// 2.构建请求头MediaType mediaType = MediaType.parse("application/json;charset=UTF-8");String jsonBody = JSON.toJSONString(majorBo);RequestBody requestBody = RequestBody.create(jsonBody, mediaType);// 3.封装请求头Request request = new Request.Builder().url("http://192.168.13.13:8000/xxx/xxx/datapaaapi/planwork/api/xxx/xxx/inputRet").post(requestBody).addHeader("X-APP-ID", "xxxx").addHeader("X-APP-KEY", "bbbb").build();try {// 4.执行Response response = client.newCall(request).execute();if (response.isSuccessful()) {String responseBody = response.body().string();// TODO:业务逻辑log.info("解析后的 responseBo 对象是:{}", responseBo);}} catch (Exception e) {log.error("推送xxx系统异常:{}", e);}return responseBo;}
}解决方案:
1,使用自签名证书或服务器证书
如果你不想忽略 SSL 验证,也可以考虑将服务器的证书或 CA 证书添加到 Java 的 truststore 中。这样,Java 就会信任该证书,不会抛出 SSLPeerUnverifiedException 错误。
2,使用 OkHttpClient 忽略 SSL 证书验证
package com.xxx.xx.xx.utils;import com.alibaba.fastjson.JSON;
import com.xx.xx.xx.entity.bo.MajorBo;
import com.xx.xx.xx.entity.bo.xxx;
import lombok.extern.slf4j.Slf4j;
import okhttp3.*;
import org.springframework.util.CollectionUtils;import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;/*** @author laoxu*/
@Slf4j
public class PushInspectionStatisticsUtils {public static PushInventoryResponseBo pushTaskInventoryFormWorkPlan(MajorBo majorBo) {PushInventoryResponseBo responseBo = new PushInventoryResponseBo ();// 1.创建okhttpClientOkHttpClient client = createInsecureOkHttpClient();// 2.构建请求头MediaType mediaType = MediaType.parse("application/json;charset=UTF-8");String jsonBody = JSON.toJSONString(majorBo);RequestBody requestBody = RequestBody.create(jsonBody, mediaType);// 3.封装请求头Request request = new Request.Builder().url("http://192.168.13.13:8000/xxx/xxx/datapaaapi/planwork/api/xxx/xxx/inputRet").post(requestBody).addHeader("X-APP-ID", "xxxx").addHeader("X-APP-KEY", "bbbb").build();try {Response response = client.newCall(request).execute();if (response.isSuccessful()) {String responseBody = response.body().string();// TODO:相关业务逻辑log.info("解析后的 responseBo 对象是:{}", responseBo);}} catch (Exception e) {log.error("推送xxx系统异常:{}", e);}return responseBo;}// 创建一个忽略 SSL 验证的 OkHttpClientprivate static OkHttpClient createInsecureOkHttpClient() {try {// 创建一个不验证证书的 TrustManagerTrustManager[] trustAllCertificates = new TrustManager[]{new X509TrustManager() {@Overridepublic X509Certificate[] getAcceptedIssuers() {
// return null;return new X509Certificate[0];}@Overridepublic void checkClientTrusted(X509Certificate[] certs, String authType) {// 允许所有客户端证书}@Overridepublic void checkServerTrusted(X509Certificate[] certs, String authType){// 允许所有客户端证书}}};// 安装不验证证书的 TrustManagerSSLContext sslContext = SSLContext.getInstance("TLS");sslContext.init(null, trustAllCertificates, new java.security.SecureRandom());// 创建一个忽略主机名验证的 OkHttpClientreturn new OkHttpClient.Builder().sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCertificates[0])// 关闭主机名验证.hostnameVerifier((hostname, session) -> true).build();} catch (NoSuchAlgorithmException | KeyManagementException e) {throw new RuntimeException("Failed to create a secure OkHttpClient", e);}}
}喜欢我的文章记得点个在看,或者点赞,持续更新中ing…
