Certificate for * doesn't match any of the subject alternative names

小感触 2020年03月06日 378次浏览

今天使用Http连接池发起Get请求,来调用公司公共平台发信接口,出现了异常:

Certificate for *** doesn't match any of the subject alternative names: [*.dealskidka.com, dealskidka.com]

查阅资料有的说是因为HttpClient 4.4.1版本的bug,但是自己使用的版本已经是4.5.3了,即便是Bug也应该修复了。最后的解决方案是配置一下CloseableHttpClient对象,为连接管理器注册一个新的SSLConnectionSocketFactory对象,针对CloseableHttpClient对象的整体配置如下:

@Bean
public CloseableHttpClient getCloseableHttpClient(
	@Qualifier("httpClientBuilder") HttpClientBuilder httpClientBuilder) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
                SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
                NoopHostnameVerifier.INSTANCE);

        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", scsf)
                .build();
        final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);

        return httpClientBuilder.setConnectionManager(connectionManager).build();
}

在进行这样的配置之后,发起请求就不会再出现这样的问题。