Resolving the "java.security.cert.CertificateException: No subject alternative names present" error
If either the Linux or Windows development edition is
installed on a system where DHCP IP is enabled, an error can occur
if the WebSphere® Application Server Liberty Profile server
is restarted after the IP address changes. The error causes a java.security.cert.CertificateException:
No subject alternative names present exception.
Symptoms
If the java.security.cert.CertificateException:
No subject alternative names present exception occurs, attempts
by a remote application to connect to IBM® Intelligent Operations Center through the REST
API will fail. The exception is displayed in a console log file that
is created by the remote application. For example, the exception might
prevent the JUnits application from connecting to IBM Intelligent Operations Center. The JUnits application
displays the exception in a console log file that it creates in Eclipse. The exception
is similar to the following example:
com.ibm.ioc.http.HttpUtils login
INFO: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.ibm.ioc.http.HttpUtils.login(HttpUtils.java:795)
at com.ibm.ioc.junit.TestCase.login(TestCase.java:227)
at com.ibm.ioc.junit.TestCase.login(TestCase.java:209)
at com.ibm.ioc.junit.datasource.CreateDataSources.setUp(CreateDataSources.java:62)
at csvgenerate.generateDataSource(csvgenerate.java:475)
at csvgenerate.main(csvgenerate.java:459)
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
Resolving the problem
- Locate the hosts file in one of the following
locations:
- On Windows, the hosts file is in the C:\Windows\System32\drivers\etc directory.
- On Linux, the hosts file is in the /etc directory.
- Open the hosts file in edit mode and append
the following entry to the file:
<new IP> <host name>
- For <new IP>, substitute the new IP address that is generated by the DHCP server.
- For <host name>, substitute the host name for the solution.
- After you edit and save the hosts file, restart the WebSphere Application Server Liberty Profile server.