javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:

独厮守ぢ 2020-12-29 07:15

I am trying to use an HTTPS connection with a self-signed certificate.
I have followed the steps for creating a self-signed certificate as mentioned here - Creating Sel

2 Answers
  • 2020-12-29 07:40

    Self-signed certificates are ideally for development only. You can't go live with it because, as you know, it's not verified; apps and browsers won't trust you without the CA's approval.

    So, this is not a 'solution' for your live app, but only to test if it works (and will work with a valid cert, if and when you get one). Because you're allowing all hostnames (or at the least, hardcoded hostnames if you restrict it to a few) and both are bad.

    Do you plan on having to use a self-signed cert in your live app too?

  • 2020-12-29 07:51

    Interestingly, if the request host is an IP, "CN" is not used to match it; instead,

    http://tools.ietf.org/html/rfc2818#section-3.1

    "the iPAddress subjectAltName must be present in the certificate and must exactly match the IP in the URI"

    If you use Java's keytool, it can be done by

    keytool -genkeypair  -ext SAN=IP:195.xx.xx.xx    ........
    

    NullHostNameVerifier is also OK for your use case. Your client is trusting only one certificate; as long as the connection uses that certificate, you are secure; the host name doesn't matter here.

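The RFC 2818 rule quoted in the second answer, as an added example that is not part of the original answers: a Java check that compares an IP-literal host only against iPAddress subjectAltName entries, so a certificate carrying the IP in its CN alone (or as a dNSName) fails. The class name `SanIpCheck`, the helper `san` and the address 192.0.2.10 are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

public class SanIpCheck {
    // GeneralName type tags as returned by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    /** RFC 2818 section 3.1, IP-literal host: only iPAddress SAN entries are compared. */
    static boolean ipHostMatches(String ipLiteral, Collection<List<?>> sans) throws Exception {
        if (sans == null) return false; // no SAN extension; the subject CN is not consulted
        byte[] want = InetAddress.getByName(ipLiteral).getAddress();
        for (List<?> entry : sans) {
            if ((Integer) entry.get(0) != IP_ADDRESS) continue; // a dNSName never matches an IP
            byte[] have = InetAddress.getByName((String) entry.get(1)).getAddress();
            if (Arrays.equals(want, have)) return true; // exact match on the address bytes
        }
        return false;
    }

    // Hypothetical helper: builds one SAN entry in the [type, value] shape the JDK returns.
    static List<?> san(int type, String value) { return Arrays.asList(type, value); }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // usage: java SanIpCheck.java cert.pem 192.0.2.10
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(ipHostMatches(args[1], cert.getSubjectAlternativeNames())
                        ? "match" : "no iPAddress SAN for " + args[1]);
            }
            return;
        }
        // Constructed SAN sets (not taken from any real certificate).
        String host = "192.0.2.10";
        Collection<List<?>> cnOnly = null; // certificate generated without any -ext SAN
        Collection<List<?>> dnsOnly = Collections.<List<?>>singletonList(san(DNS_NAME, host));
        Collection<List<?>> ipSan = Collections.<List<?>>singletonList(san(IP_ADDRESS, host));
        System.out.println("CN only     -> " + ipHostMatches(host, cnOnly));
        System.out.println("SAN=DNS:... -> " + ipHostMatches(host, dnsOnly));
        System.out.println("SAN=IP:...  -> " + ipHostMatches(host, ipSan));
    }
}
```

Run with a certificate file and an IP address as arguments to check a certificate exported from a keystore before deploying it.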