问题描述:
java项目调用微信api的域名接口正常: String wxAccessTokenUrl = "https://api.weixin.qq.com/cgi-bin/token?"; 因项目要求采用ip访问外部服务,所以ping api.weixin.qq.com 得到域名对应的ip为101.91.37.13, 所以替换java调用api接口为:"https://101.91.37.13/cgi-bin/token?";
此时项目代码调用api接口为:"https://101.91.37.13/cgi-bin/token?",发出http请求后报错,内容如下:
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <101.91.37.13> doesn't match any of the subject alternative names: [mp.weixin.qq.com, *.api.weixin.qq.com, *.mp.weixin.qq.com, *.open.weixin.qq.com, *.wechat.com, *.weixin.qq.com, mp.weixinbridge.com, rd.wechatapp.com, servicewechat.com]
解决办法
1. 修改请求的域名/ip,使证书可以覆盖到。
2. 设置证书的SAN,覆盖到请求的域名/ip。
3. 从代码上,要从调用HttpClient的代码入手,单独处理下信任所有证书,关闭主机名校验,就能通过验证了。 代码:
//信任所有证书,关闭主机名校验
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
SSLContexts.custom().loadTrustMaterial(null,new TrustSelfSignedStrategy()).build(),
NoopHostnameVerifier.INSTANCE);
// 创建Httpclient对象
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
// CloseableHttpClient httpclient = HttpClients.createDefault();--------------------------------------
参考解决:用HttpClient发送HTTPS请求报SSLException: Certificate for <域名> doesn‘t match any of the subject alternative_飞奔的大土豆的博客-CSDN博客
参考思路:httpClient,Certificate for ip/域名 doesn't match any of the subject altinative names: []问题处理_马路上开飞机的博客-CSDN博客文章来源:https://www.toymoban.com/news/detail-523390.html
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP> doesn't match common name of t_shenqs0403的博客-CSDN博客文章来源地址https://www.toymoban.com/news/detail-523390.html
到了这里,关于java调用https服务的ip地址报错证书问题解决:SSLPeerUnverifiedException: Certificate fo的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
