Resolving the "java.security.cert.CertificateException: No subject alternative names present" error

If either the Linux or Windows development edition is installed on a system that obtains its IP address through DHCP, an error can occur if the WebSphere® Application Server Liberty Profile server is restarted after the IP address changes. The error results in a java.security.cert.CertificateException: No subject alternative names present exception.

Symptoms

If the java.security.cert.CertificateException: No subject alternative names present exception occurs, attempts by a remote application to connect to IBM® Intelligent Operations Center through the REST API will fail. The exception is displayed in a console log file that is created by the remote application. For example, the exception might prevent the JUnits application from connecting to IBM Intelligent Operations Center. The JUnits application displays the exception in a console log file that it creates in Eclipse. The exception is similar to the following example:
com.ibm.ioc.http.HttpUtils login
 INFO: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
 No subject alternative names present
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
 at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
 at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
 at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
 at sun.security.ssl.Handshaker.processLoop(Unknown Source)
 at sun.security.ssl.Handshaker.process_record(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
 at com.ibm.ioc.http.HttpUtils.login(HttpUtils.java:795)
 at com.ibm.ioc.junit.TestCase.login(TestCase.java:227)
 at com.ibm.ioc.junit.TestCase.login(TestCase.java:209)
 at com.ibm.ioc.junit.datasource.CreateDataSources.setUp(CreateDataSources.java:62)
 at csvgenerate.generateDataSource(csvgenerate.java:475)
 at csvgenerate.main(csvgenerate.java:459)
 Caused by: java.security.cert.CertificateException: No subject alternative names present
 at sun.security.util.HostnameChecker.matchIP(Unknown Source)
 at sun.security.util.HostnameChecker.match(Unknown Source)
 at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)

Resolving the problem

  1. Locate the hosts file in one of the following locations:
    • On Windows, the hosts file is in the C:\Windows\System32\drivers\etc directory.
    • On Linux, the hosts file is in the /etc directory.
  2. Open the hosts file in edit mode and append the following entry to the file:
    <new IP>       <host name>
    • For <new IP>, substitute the new IP address that is generated by the DHCP server.
    • For <host name>, substitute the host name for the solution.
  3. After you edit and save the hosts file, restart the WebSphere Application Server Liberty Profile server.
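
The hosts file edit from steps 1 and 2 as a Linux shell script, added here as an example and not part of the original page. It goes beyond a plain append by first removing the host name from any older line, on the assumption that the resolver returns the first matching line in the file; the helper names, the 192.0.2.x addresses and ioc.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. set_host_entry and first_ip_for
# are hypothetical helper names. Editing the real /etc/hosts requires root.

# Print the first address the hosts file maps to a host name, which is the one
# a resolver reading the file top to bottom would return (assumed behaviour).
first_ip_for() {   # first_ip_for <host name> [hosts file]
    awk -v h="$1" '
        { line = $0; sub(/#.*/, "", line); n = split(line, f, " ")
          for (i = 2; i <= n; i++)
              if (tolower(f[i]) == tolower(h)) { print f[1]; exit } }
    ' "${2:-/etc/hosts}"
}

# Map <host name> to <new IP>, removing the name from any older line first so
# a stale DHCP address left higher in the file cannot shadow the new entry.
set_host_entry() {   # set_host_entry <new IP> <host name> [hosts file]
    new_ip=$1 host=$2 file=${3:-/etc/hosts}
    [ -n "$new_ip" ] && [ -n "$host" ] || { echo "usage: set_host_entry <new IP> <host name> [file]" >&2; return 2; }
    tmp=$(mktemp) || return 1
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }   # keep a backup
    awk -v h="$host" '
        /^[ \t]*#/ { print; next }                # comment lines pass through
        {
            line = $0; sub(/#.*/, "", line)       # ignore trailing comments
            n = split(line, f, " "); out = f[1]; hit = 0; kept = 0
            for (i = 2; i <= n; i++) {
                if (tolower(f[i]) == tolower(h)) hit = 1
                else { out = out "\t" f[i]; kept++ }
            }
            if (!hit) print                       # unrelated line, verbatim
            else if (kept) print out              # other names on the line stay
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\t%s\n' "$new_ip" "$host" >> "$tmp"
    cat "$tmp" > "$file"; rc=$?                   # overwrite in place: keeps owner and mode
    rm -f "$tmp"; return "$rc"
}

# Constructed sample: a hosts file still holding the pre-change DHCP address.
demo=$(mktemp)
printf '127.0.0.1\tlocalhost\n192.0.2.10\tioc.example.test ioc # old lease\n' > "$demo"
set_host_entry 192.0.2.55 ioc.example.test "$demo"
first_ip_for ioc.example.test "$demo"             # prints 192.0.2.55
rm -f "$demo" "$demo.bak"
```

On a real system, call `set_host_entry <new IP> <host name>` as root, then restart the server as described in step 3.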