Problem
After Installing a Custom Certificate in JVM, the connection setup failed with the following error message:
WARN ... (DataStore.java:196) - connection fails: Cannot create connection. Reason is java.security.cert.CertificateException: No subject alternative names present, No subject alternative names present java.lang.RuntimeException: Cannot create connection. Reason is java.security.cert.CertificateException: No subject alternative names present, No subject alternative names present
Cause
Java enforces that the certificate has a Subject Alternative Name (SAN) entry for the IP address.
Troubleshooting
Check the certificate via
openssl s_client -connect <ip>:<port> | openssl x509 -text -noout
Background Information
When accessing a service using the IP address on the URL if the SSL certificate does not contain the Subject Alternative Name (SAN) [1][2] parameter with the matching IP address as an alternative attribute (rather than the domain contained in the SSL certificate), an error occurs.
Comments
0 comments
Please sign in to leave a comment.