java.security.cert.CertificateException: No name matching localhost found

Problem

Configured Tomcat to support SSL and deployed this simple hello world web service. And use following client connect to the deployed web service over SSL connection :


package com.mkyong.client;

import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;

import com.mkyong.ws.HelloWorld;

public class HelloWorldClient{
	
	public static void main(String[] args) throws Exception {
	   
	URL url = new URL("https://localhost:8443/HelloWorld/hello?wsdl");
        QName qname = new QName("http://ws.mkyong.com/", "HelloWorldImplService");

        Service service = Service.create(url, qname);
        HelloWorld hello = service.getPort(HelloWorld.class);
        System.out.println(hello.getHelloWorldAsString());
       
    }
}

It hits “No name matching localhost found” exception :


Caused by: javax.net.ssl.SSLHandshakeException: 
    java.security.cert.CertificateException: No name matching localhost found
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	......
Caused by: java.security.cert.CertificateException: No name matching localhost found
	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:210)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
	......

Solution

This problem and solution is well explained in this article, you can use a Transport Security (SSL) Workaround for your “localhost” development environment.

To fix it, add a javax.net.ssl.HostnameVerifier() method to override the existing hostname verifier like this :


package com.mkyong.client;

import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;

import com.mkyong.ws.HelloWorld;

public class HelloWorldClient{
	
	static {
	    //for localhost testing only
	    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
	    new javax.net.ssl.HostnameVerifier(){

	        public boolean verify(String hostname,
	                javax.net.ssl.SSLSession sslSession) {
	            if (hostname.equals("localhost")) {
	                return true;
	            }
	            return false;
	        }
	    });
	}
	
	public static void main(String[] args) throws Exception {
	   
	URL url = new URL("https://localhost:8443/HelloWorld/hello?wsdl");
        QName qname = new QName("http://ws.mkyong.com/", "HelloWorldImplService");

        Service service = Service.create(url, qname);
        HelloWorld hello = service.getPort(HelloWorld.class);
        System.out.println(hello.getHelloWorldAsString());
       
    }
}

Output


Hello World JAX-WS

It’s working fine now.

About the Author

author image
mkyong
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider make a donation to these charities.

Comments

avatar
25 Comment threads
5 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
27 Comment authors
kirtiman mishraandrewLeonAngelsss Recent comment authors
newest oldest most voted
Faragó Csaba
Guest
Faragó Csaba

Thank you for the explanation!
The link to the related Oracle article is broken.

Sachin Singh
Guest
Sachin Singh

hello i am using the above code to call a solr api but its giving the exception “sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target” can you tell me what should i do

trackback
How to bypass certificate checking in a Java web service client

[…] java.security.cert.CertificateException: No name matching localhost found […]

trackback
java.security.cert.CertificateException: No name matching localhost found

[…] web service over SSL connection : package com.mkyong.client;   import java.net.URL; import… [full post] mkyong Mkyong Dot Com jax-wsweb services 0 0 0 0 1 […]

Peter DeGregorio
Guest
Peter DeGregorio

Hello, Thank you for posting this information. The article like appears to be broken or obsolete. This document http://docs.oracle.com/cd/E19159-01/820-1072/820-1072.pdf explains it on page 75 and may be what was originally pointed to.

manish
Guest
manish

i ma getting

java.net.UnknownServiceException: no content-type
at java.net.URLConnection.getContentHandler(URLConnection.java:1209)
at java.net.URLConnection.getContent(URLConnection.java:706)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:426)
at MutualAuthenticationHTTP.doitAll(MutualAuthenticationHTTP.java:100)
at MutualAuthenticationHTTP.main(MutualAuthenticationHTTP.java:75)

pl help

marsant
Guest
marsant

hello, I configure a HTTPS webservice adding below constraings to the web.xml: <security-constraint> <web-resource-collection> <web-resource-name>Secure Area</web-resource-name> <url-pattern>/* </url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>EMPLOYEE</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> when I create a testClient and run it, Netbeans say me: Exception in thread “main” javax.xml.ws.WebServiceException: Cannot find ‘https://localhost:8181/Webservice/Service?wsdl’ wsdl. Place the resource correctly in the classpath. What could I do? Thanks in advance

Jon Ander
Guest
Jon Ander

Thanks!! very useful

haris
Guest
haris

hi bro,,

thank you

your answer perfect…

Nico
Guest
Nico

awesome, didn’t know about that. thanks!

trackback
Deploy JAX-WS web services on Tomcat + SSL connection

[…] java.security.cert.CertificateException: No name matching localhost found […]

Edi
Guest
Edi

Great article, I wish I would start the search here :). My problem was that I tried to load a JavaFX WebEngine to ‘https://localhost/…’ and may server had a self-signed certificate. Adding the static part in the Controller class fixed my problem.

Thank you.

Siddharth
Guest
Siddharth

Your tutorials are the simplest, the best, the easiest to implement and understand and last but not the least THE AWESOMEST!!!

Jeewantha
Guest
Jeewantha

Excellent post as always! Thank you very much!

Husna
Guest
Husna

I was on this for nearly a week, and finally the method solved it. Can you please provide an updated link to the article that explains the solution in more detail or if you can explain what the method is doing it would be highly useful.

a.gader
Guest
a.gader

many thanks …

MBallem
Guest
MBallem

I had this problem, thank you for the solutiion.

Jignesh Parmar
Guest
Jignesh Parmar

Hey Thanks alot, I’m using JAVA FX WebEngine to load the URL, and used your static block to by pass the SSL issue.

Robert
Guest
Robert

Hi, Thank you very much! Just what I needed 🙂

siva ande
Guest
siva ande

awesome fix …

Adrian
Guest
Adrian

Thanx, excellent solution !!

Thomas Schwitzer
Guest
Thomas Schwitzer

thanks – works fine 🙂

??????? ????????
Guest
??????? ????????

Thank you, mkyong. Your articles very useful for me)

Leon
Guest
Leon

the referenced article on oracle.com cannot be found

kirtiman mishra
Guest
kirtiman mishra

Thank you sir. Really helpful for the code.