AXL Java Client Demo using JAX-WS ssl handshake exception error

yuanzli · ‎03-29-2015

Hi everyone.

I am trying to run the AXL Java Client Demo on CUCM 10.5.

But I got error.

I had already imported the certificate.

Please help me.

The error is:

Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportExcepti

on: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cer

t.CertificateException: No subject alternative names present

at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.get

Output(Unknown Source)

at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce

ss(Unknown Source)

at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce

ssRequest(Unknown Source)

at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processReques

t(Unknown Source)

at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)

at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)

at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)

at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)

at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)

at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)

at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown S

ource)

at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown S

ource)

at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)

at com.sun.proxy.$Proxy29.getPhone(Unknown Source)

at com.cisco.axl.demo.Demo.getPhone(Demo.java:156)

at com.cisco.axl.demo.Demo.getPhoneInfo(Demo.java:123)

at com.cisco.axl.demo.Demo.main(Demo.java:103)

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateEx

ception: No subject alternative names present

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source

)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect

(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown S

ource)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unk

nown Source)

... 17 more

Caused by: java.security.cert.CertificateException: No subject alternative names

present

at sun.security.util.HostnameChecker.matchIP(Unknown Source)

at sun.security.util.HostnameChecker.match(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Sour

ce)

... 29 more

npetrele · ‎03-30-2015

It looks like you may not have imported the certificate correctly, or you may have imported it into the wrong place. This can happen easily if you have more than one version of Java installed.

Open up a command window and type "java -version". Suppose you see something like this:

'

java version "1.8.0_40"

Java(TM) SE Runtime Environment (build 1.8.0_40-b26)

Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

This means your cacerts file is probably here:

C:\Program Files\Java\jre1.8.0_40\lib\security\cacerts

It's fairly common to have more than one version of Java installed. Try "dir \Program Files\Java". Here's what I have:

01/13/2015 05:56 PM <DIR> jdk1.7.0_71

07/23/2014 03:48 PM <DIR> jdk1.8.0_11

02/23/2015 01:17 PM <DIR> jdk7

03/24/2015 10:10 AM <DIR> jre1.8.0_40

01/13/2015 05:56 PM <DIR> jre7

yuanzli · ‎03-31-2015

Hi Nicholas,

Thank you for your help.

But the error still exists.

I had check my java version, which is the same as you:

java version "1.8.0_40"

Java(TM) SE Runtime Environment (build 1.8.0_40-b26)

Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

The result of dir command is like this:

2015/03/31 13:17 <DIR> .

2015/03/31 13:17 <DIR> ..

2015/03/31 13:17 <DIR> jdk1.8.0_40

2015/03/31 13:17 <DIR> jre1.8.0_40

0 File(s) 0 bytes

4 Dir(s) 63,812,317,184 bytes free

I checked my cacerts. I had already installed them.

My cacerts are in the directory: C:\Program Files\Java\jdk1.8.0_40\jre\lib\security\jssecacerts

and C:\Program Files\Java\jre1.8.0_40\lib\security\jssececerts

I do not know what to do next to solve this problem.

Could you offer some advice?

Thank you very much!

npetrele · ‎03-31-2015

I'm pretty sure Java is looking for the file cacerts by default, not the directories or file jssecacerts or jssececerts (spelling error?).

yuanzli · ‎04-02-2015

I imported the certificate according to a guide on DevNet:]Cisco AXL https://developer.cisco.com/site/axl/learn/how-to/axl-java-sample-application.gsp

Just now, I imported certificates into cacerts. But the error still exists.

My command is:

keytool -import -alisa CA_ALIAS -file C:\Users\yuanzli\Desktop\yuanzliCUCM2.cisco.com -keystore C:\Program Files\Java\jre1.8.0_40\lib\security\cacerts

Dose the certificate need a specific alias? ie:CA_ALIAS or else

Thank you for your advice very much!

Best regards.

yuanzli · ‎04-06-2015

Hi Nicholas,

I had imported certificate into both cacerts and jssecacerts.

I did it according to official guide:Cisco AXL

But it seemed not work. Error still exists.

Is there anything wrong?

upchaurasia · ‎04-01-2015

Are you using any editor (e.g. Netbeans or Eclipse) and webserver (e.g. Glassfish or Tomcat)?

In case of glassfish u also need to import certificate in glassfish certificate path.

Also if ur application is using JDK path in place of JRE then u need to import certificate in JDK certificate path.

Regards,

Umesh

yuanzli · ‎04-02-2015

Hi,

I use Eclipse, no webserver.

Maybe I need to study something about CA.

Thanks!

npetrele · ‎04-07-2015

This is not something I can debug remotely. I'm attaching a Java demo that I know works on my system.

Here are the things you would need to change:

1. Change the package to point to wherever you put your source code.

package com.yourcompany.yoursystem.sample;

2. Edit these lines to include your CUCM host name, username, etc.

	protected static String ucHost = "your cucm host";
	protected static String ucAdmin = "admin username";
	protected static String ucPwd = "admin password";
	protected static String ucCrit = "phone name";

If you make these changes correctly and it still doesn't work for you, there's really nothing I can think of doing outside what I've already said about importing the certificate.

sebastian.roman1 · ‎07-14-2016

Hi Yuan, i have a same problem, do you find solution? (sorry for my english)

jialinli · ‎08-02-2016

Hi, Sebastian

I met the problem before, and I fixed this by inputting the hostname not the ip address. Hope this will help you.

Thanks,

Jialing