SourceForge has been redesigned. Learn more.
Close

Exception accessing WebServices in EJBCA 4.0.16

Help
Roman
2013-09-12
2014-05-20
  • Roman

    Roman - 2013-09-12

    When I'm trying to initialize a web service through:

    EjbcaWSService service = new EjbcaWSService(new URL(urlstr),qname);

    I've got the following exception:

    javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl. It failed with:
    Got java.security.cert.CertificateException: No subject alternative names matching IP address localhost found while opening stream from https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl.

    My JKS keystore that I'm using containg a certificate of superadministrator with Subject Alternative Name = iPAddress=localhost.

    What is the reason that I can't initialize WebServices?

    Here is full exception log:

    javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl. It failed with:
    Got java.security.cert.CertificateException: No subject alternative names matching IP address localhost found while opening stream from https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl.
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown Source)
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
    at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
    at javax.xml.ws.Service.<init>(Unknown Source)
    at org.ejbca.core.protocol.ws.client.gen.EjbcaWSService.<init>(EjbcaWSService.java:36)
    at org.sio2.ejbca.WebServiceConnection.init(WebServiceConnection.java:227)
    at org.sio2.ejbca.WebServiceConnection.getEndEntityProfiles(WebServiceConnection.java:372)
    at org.sio2.ejbca.SelectEndEntityProfilePage.getJComboBoxEndEntityProfiles(SelectEndEntityProfilePage.java:189)
    at org.sio2.ejbca.SelectEndEntityProfilePage.initialize(SelectEndEntityProfilePage.java:80)
    at org.sio2.ejbca.SelectEndEntityProfilePage.<init>(SelectEndEntityProfilePage.java:61)
    at org.sio2.ejbca.CreateEndEntityWizard$SiO2TestFactory.<init>(CreateEndEntityWizard.java:138)
    at org.sio2.ejbca.CreateEndEntityWizard$SiO2TestFactory.<init>(CreateEndEntityWizard.java:132)
    at org.sio2.ejbca.CreateEndEntityWizard.<init>(CreateEndEntityWizard.java:54)
    at org.sio2.ejbca.MainFrame$2.actionPerformed(MainFrame.java:410)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$200(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names matching IP address localhost found while opening stream from https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown Source)
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
    ... 53 more
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address localhost found
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at java.net.URL.openStream(Unknown Source)
    ... 55 more
    Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address localhost found
    at sun.security.util.HostnameChecker.matchIP(Unknown Source)
    at sun.security.util.HostnameChecker.match(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 68 more

     
  • liwf

    liwf - 2014-05-20

    The same problem. I hope someone answer!!help help!

     
  • Tomas Gustavsson

    "No subject alternative names matching IP address localhost found while opening"...

    This means you do not have a correct server certificate. SSL/TLS is tricky in that you need to have proper sevrer certificates with the correct information in. I.e. you can not have one ip address in the server certificate, and try to use another ip address connecting to the server. I recommend to use DNS hostnames and have the correct DNS hostname in the server certificates.

    Cheers,
    Tomas


    Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
    http://www.primekey.se/Products/EJBCA+PKI/
    http://www.primekey.se/Services/Support/

     

Log in to post a comment.