java.security.cert.CertificateException: No name matching localhost found

Problem

I configured Tomcat to support SSL and deployed this simple hello world web service. The following client connects to the deployed web service over an SSL connection:


package com.mkyong.client;

import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;

import com.mkyong.ws.HelloWorld;

public class HelloWorldClient {

    public static void main(String[] args) throws Exception {

        // Fetching the WSDL over HTTPS triggers the TLS handshake and the hostname check
        URL url = new URL("https://localhost:8443/HelloWorld/hello?wsdl");
        QName qname = new QName("http://ws.mkyong.com/", "HelloWorldImplService");

        Service service = Service.create(url, qname);
        HelloWorld hello = service.getPort(HelloWorld.class);
        System.out.println(hello.getHelloWorldAsString());

    }
}

It fails with a “No name matching localhost found” exception:


Caused by: javax.net.ssl.SSLHandshakeException: 
    java.security.cert.CertificateException: No name matching localhost found
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	......
Caused by: java.security.cert.CertificateException: No name matching localhost found
	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:210)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
	......

Solution

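The problem and its solution are well explained in this article: you can use a Transport Security (SSL) Workaround for your “localhost” development environment.

To fix it, register a javax.net.ssl.HostnameVerifier that replaces the default hostname verifier, like this. HttpsURLConnection calls the verifier only when the host name in the URL does not match the name in the server certificate; the implementation below accepts that mismatch for localhost and rejects it for every other host. The certificate chain is still validated against the truststore: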


package com.mkyong.client;

import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;

import com.mkyong.ws.HelloWorld;

public class HelloWorldClient {

    static {
        // For localhost testing only: this replaces the JVM-wide default verifier,
        // so it applies to every HttpsURLConnection opened by this process.
        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
            new javax.net.ssl.HostnameVerifier() {

                @Override
                public boolean verify(String hostname,
                        javax.net.ssl.SSLSession sslSession) {
                    // Accept the name mismatch only when the requested host is "localhost"
                    if (hostname.equals("localhost")) {
                        return true;
                    }
                    return false;
                }
            });
    }

    public static void main(String[] args) throws Exception {

        URL url = new URL("https://localhost:8443/HelloWorld/hello?wsdl");
        QName qname = new QName("http://ws.mkyong.com/", "HelloWorldImplService");

        Service service = Service.create(url, qname);
        HelloWorld hello = service.getPort(HelloWorld.class);
        System.out.println(hello.getHelloWorldAsString());

    }
}

Output


Hello World JAX-WS

It’s working fine now.
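
A narrower variant of the static block above, added here as an example and not code from the original article: the bypass applies only when a development switch is set and "localhost" resolves solely to loopback addresses, and every other host is handed back to the verifier that was installed before. The class name `DevLocalhostVerifier` and the system property `dev.allowLocalhostTls` are hypothetical names chosen for this sketch.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Hypothetical names throughout (class, DEV_FLAG); opt in with -Ddev.allowLocalhostTls=true
public class DevLocalhostVerifier implements HostnameVerifier {
    static final String DEV_FLAG = "dev.allowLocalhostTls";
    private final HostnameVerifier fallback;

    DevLocalhostVerifier(HostnameVerifier fallback) {
        this.fallback = fallback;
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        // HttpsURLConnection calls this only after its own name check has failed.
        if (Boolean.getBoolean(DEV_FLAG) && "localhost".equalsIgnoreCase(hostname)
                && resolvesOnlyToLoopback(hostname)) {
            return true;
        }
        // Any other host keeps the policy that was installed before.
        return fallback.verify(hostname, session);
    }

    private static boolean resolvesOnlyToLoopback(String hostname) {
        try {
            for (InetAddress address : InetAddress.getAllByName(hostname)) {
                if (!address.isLoopbackAddress()) return false;
            }
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    // Call once at client start-up in place of the static block.
    public static void install() {
        HostnameVerifier previous = HttpsURLConnection.getDefaultHostnameVerifier();
        if (!(previous instanceof DevLocalhostVerifier)) {
            HttpsURLConnection.setDefaultHostnameVerifier(new DevLocalhostVerifier(previous));
        }
    }

    public static void main(String[] args) {
        install();
        HostnameVerifier v = HttpsURLConnection.getDefaultHostnameVerifier();
        System.out.println("localhost   -> " + v.verify("localhost", null));
        System.out.println("example.org -> " + v.verify("example.org", null));
    }
}
```

Because the switch is read on every call, a build started without `-Ddev.allowLocalhostTls=true` behaves exactly like a client that never installed the workaround.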

About the Author

mkyong

Comments

Sachin Singh

Hello, I am using the above code to call a Solr API but it’s giving the exception “sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”. Can you tell me what I should do?

sss

I have been facing the same. Please help.

Angel

Download the certificate: Firefox Options > Advanced > Certificates > View Certificates > Add Exception > URL > View > Details > Export, and save it as .cer.
Then, from cmd, run cd %java_home%, then cd bin, and once in bin use keytool, e.g.:
C:\Program Files (x86)\Java\jdk1.8.0_111\bin>keytool -import -alias xstore -keystore "C:\Program Files (x86)\Java\jdk1.8.0_111\jre\lib\security\cacerts" -file C:xauthcertificatexstore.cer

That adds the certificate to cacerts and you are done. To list the certificates and make sure it was added, you can use the command
keytool -list -v -keystore "C:\Program Files (x86)\Java\jdk1.8.0_111\jre\lib\security\cacerts" > java_cacerts.txt

Faragó Csaba

Thank you for the explanation!
The link to the related Oracle article is broken.

??????? ????????

Thank you, mkyong. Your articles very useful for me)

Thomas Schwitzer

thanks – works fine :-)

Adrian

Thanks, excellent solution!!

siva ande

awesome fix …

Robert

Hi, Thank you very much! Just what I needed :)

Jignesh Parmar

Hey, thanks a lot, I’m using JavaFX WebEngine to load the URL, and used your static block to bypass the SSL issue.

MBallem

I had this problem, thank you for the solution.

a.gader

many thanks …

Husna

I was on this for nearly a week, and finally the method solved it. Can you please provide an updated link to the article that explains the solution in more detail or if you can explain what the method is doing it would be highly useful.

Jeewantha

Excellent post as always! Thank you very much!

Siddharth

Your tutorials are the simplest, the best, the easiest to implement and understand and last but not the least THE AWESOMEST!!!

Edi

Great article, I wish I had started the search here :). My problem was that I tried to load a JavaFX WebEngine to ‘https://localhost/…’ and my server had a self-signed certificate. Adding the static part in the Controller class fixed my problem.

Thank you.


Nico

awesome, didn’t know about that. thanks!

haris

hi bro,,

thank you

your answer perfect…

Jon Ander

Thanks!! very useful

marsant

Hello, I configured an HTTPS web service by adding the constraints below to the web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>EMPLOYEE</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

When I create a testClient and run it, NetBeans tells me: Exception in thread “main” javax.xml.ws.WebServiceException: Cannot find ‘https://localhost:8181/Webservice/Service?wsdl’ wsdl. Place the resource correctly in the classpath. What could I do? Thanks in advance

ash

hi.. did you manage to get around with this problem?

I’m facing the same issue..

Max Ramos

Hi.. If you want to make it work in your local environment but can’t create a class like the one proposed above, let’s say you’re executing wsimport using Maven, you can just create a self-signed certificate and add it to your JDK’s truststore (i.e. cacerts). For example, if you’re using Unix:

1. Create a self-signed certificate (with validity of 1 year, increase it if you like; change the name of the -keystore parameter to your own Tomcat’s keystore)

> keytool -genkey -alias localhost -keyalg RSA -validity 365 -keypass changeit -keystore your-keystore.jks -storepass changeit -dname "CN=localhost, OU=anyOrgUnit, O=anyOrg, C=US, ST=anyState,…

manish

I am getting

java.net.UnknownServiceException: no content-type
at java.net.URLConnection.getContentHandler(URLConnection.java:1209)
at java.net.URLConnection.getContent(URLConnection.java:706)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:426)
at MutualAuthenticationHTTP.doitAll(MutualAuthenticationHTTP.java:100)
at MutualAuthenticationHTTP.main(MutualAuthenticationHTTP.java:75)

pl help

Peter DeGregorio

Hello, Thank you for posting this information. The article link appears to be broken or obsolete. This document http://docs.oracle.com/cd/E19159-01/820-1072/820-1072.pdf explains it on page 75 and may be what was originally pointed to.
