主机名 localhost 未验证答案

【问题标题】：Hostname localhost not verified主机名 localhost 未验证
【发布时间】：2020-11-15 01:47:03
【问题描述】：

我使用以下命令生成了用于 TLS 通信的 Java 密钥库文件：

keytool -genkeypair -alias presto -keyalg RSA -keystore keystore.jks

Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  presto-coordinator.example.com
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=presto-coordinator.example.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

在进行 https 调用时出现此错误：

Error running command: javax.net.ssl.SSLPeerUnverifiedException: Hostname localhost not verified:
    certificate: sha256/yowvqYOtr5pERHGb2zWsD4haTvCk2NFbSDkqkeB5boY=
    DN: CN=presto-coordinator.example.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    subjectAltNames: []

如何验证我的本地主机？

【问题讨论】：

您是否使用localhost 或presto-coordinator.example.com 访问您的应用程序？

标签： https certificate keytool

【解决方案1】：

您似乎遇到了本主题中提到的类似问题：Certificate for <localhost> doesn't match any of the subject alternative names

主机 localhost 无法访问或不受信任，因为它不在 SAN（主题备用名称）字段中。您可以通过在创建密钥库时提供附加参数来解决此问题，例如使用 -ext "SAN:c=DNS:localhost,IP:127.0.0.1"

你能用下面的命令重试吗：

keytool -genkeypair -alias presto -keyalg RSA -keystore keystore.jks -ext "SAN:c=DNS:localhost,IP:127.0.0.1"

【讨论】：