如何解析 <*> 的证书与任何主题替代名称都不匹配：[*]？答案

【问题标题】：How to resolve certificate for <*> doesn't match any of the subject alternative names: [*]?如何解析 <*> 的证书与任何主题替代名称都不匹配：[*]？
【发布时间】：2021-04-22 05:23:57
【问题描述】：

我正在尝试将文件上传到 ASM 拓扑中的文件观察器。但是当 httpclient 执行时它会给出这个错误。这是完整的错误：-

java.lang.IllegalStateException: Failed to execute ApplicationRunner
    at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:813) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:800) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:346) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.5.jar:2.4.5]
    at com.verizon.VcpOpsFileUploadApplication.main(VcpOpsFileUploadApplication.java:20) ~[classes/:na]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <noi-topology.noi.apps.cluster1.ibm.dfwt5g.lab> doesn't match any of the subject alternative names: [*.apps.cluster1.ibm.dfwt5g.lab]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.13.jar:4.5.13]
    at com.verizon.controller.ASMFileUploadController.uploadFile(ASMFileUploadController.java:44) ~[classes/:na]
    at com.verizon.VcpOpsFileUploadApplication.run(VcpOpsFileUploadApplication.java:25) ~[classes/:na]
    at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:810) ~[spring-boot-2.4.5.jar:2.4.5]
    ... 5 common frames omitted

【问题讨论】：

标签： java curl http-post

【解决方案1】：

通配符证书仅适用于一个级别。 *.example.com 将匹配 foo.example.com 和 bar.example.com，但不会匹配 foo.bar.example.com。

您的*.apps.cluster1.ibm.dfwt5g.lab 通配符证书将与noi-topology.noi.apps.cluster1.ibm.dfwt5g.lab 不匹配，因为* 与noi-topology.noi 不匹配。

您需要*.noi.apps.cluster1.ibm.dfwt5g.lab 的通配符证书，或者需要将域名更改为 e.g. noi-topology.apps.cluster1.ibm.dfwt5g.lab.

【讨论】：

谢谢@Andreas 我可以访问该网址，但我有内容类型错误
@AmanpreetKaur 这听起来像是一个完全不同的问题，所以我建议你创建一个完全不同的问题，解释你的新问题。