SSL Problem from CUCM

alexandersatria_Zlf — Wed, 12 Aug 2015 06:27:18 GMT

We are writing to ask about how to solve the problem that we encounter when we are trying to develop the sample of Cisco API application.

We have tried to run the sample of Cisco API sample application from the DevNet form.

Here is the link of the sample that we've tried and followed:

https://developer.cisco.com/site/extension-mobility/learn/sample-apps/index.gsp

package asd;

import java.io.*;

import java.net.*;

import javax.net.ssl.*;

import java.security.*;

import java.security.cert.X509Certificate;

import java.net.URLEncoder;

import javax.xml.ws.Service;

import javax.net.ssl.TrustManagerFactory;

public class asdf {

public static void main(String[] args) throws Exception {

//EM API service URL on Unified CM host host.com

//Note this sample assumes the certificate for the host with subject

//name 'cucm-host.com' has been imported into the Java keystore

//To test with insecure connection use the URL as http://cucm-host.com:8080/emservice/EMServiceServlet

URL url = new URL("https://192.168.10.11:8443/emservice/EMServiceServlet");

//Create a java.net URLConnection object to make the HTTP request

URLConnection conn = url.openConnection();

//setDoOutput=true causes the URLConnection to perform a POST operation

conn.setDoOutput(true);

//The request body will be in HTTP form encoded format

conn.setRequestProperty("Content-Type","application/x-www-form-urlencoded");

//Build a string containing the contents of the E/M API XML request - here 'login'

String EMRequest = "<request><appinfo><appid>operator</appid><appcertificate>operator</appcertificate></appinfo>";

EMRequest += "<login><devicename>SEP000000000001</devicename><userid>user01</userid><deviceprofile>EM-USER01</deviceprofile>";

EMRequest += "<exclusiveduration><time>60</time></exclusiveduration></login></request>";

//URL encode/escape the request

EMRequest = URLEncoder.encode(EMRequest,"UTF-8");

//Build the complete HTTP form request body

EMRequest = "xml="+EMRequest;

//Create an OutputStreamWriter for the URLConnection object and make the request

OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());

writer.write(EMRequest);

writer.flush();

//Read the response

BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));

//Output the response to the console

String line;

while ((line = reader.readLine()) != null) {

System.out.println(line);

}

//Cleanup the stream objects

writer.close();

reader.close();

}

private static void disableSslVerification() {

try

{

// Create a trust manager that does not validate certificate chains

TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {

public java.security.cert.X509Certificate[] getAcceptedIssuers() {

return null;

}

public void checkClientTrusted(X509Certificate[] certs, String authType) {

}

public void checkServerTrusted(X509Certificate[] certs, String authType) {

}

};

// Install the all-trusting trust manager

SSLContext sc = SSLContext.getInstance("SSL");

sc.init(null, trustAllCerts, new java.security.SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

// Create all-trusting host name verifier

HostnameVerifier allHostsValid = new HostnameVerifier() {

public boolean verify(String hostname, SSLSession session) {

return true;

}

};

// Install the all-trusting host verifier

HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

} catch (KeyManagementException e) {

e.printStackTrace();

}

We have followed the steps, but we can not solve the SSL error:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)

at asd.asdf.main(asdf.java:41)

Caused by: java.security.cert.CertificateException: No subject alternative names present

at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)

at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)

... 13 more

Is there any solution to fix this error?

We also have imported the certificate, but it is still not working.

Re: SSL Problem from CUCM

npetrele — Mon, 31 Aug 2015 18:49:05 GMT

There is a problem either with the certificate, or how you imported it. This link at coderanch might provide some help for you:

Getting error No subject alternative names when doing secure URL connection (Security forum at JavaRanch)

topic Re: SSL Problem from CUCM in Management

SSL Problem from CUCM

Re: SSL Problem from CUCM