cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1399
Views
0
Helpful
1
Replies

SSL Problem from CUCM

We are writing to ask about how to solve the problem that we encounter when we are trying to develop the sample of Cisco API application.

We have tried to run the sample of Cisco API sample application from the DevNet form.

Here is the link of the sample that we've tried and followed:

https://developer.cisco.com/site/extension-mobility/learn/sample-apps/index.gsp

package asd;

import java.io.*;

import java.net.*;

import javax.net.ssl.*;

import java.security.*;

import java.security.cert.X509Certificate;

import java.net.URLEncoder;

import javax.xml.ws.Service;

import javax.net.ssl.TrustManagerFactory;

public class asdf {

  public static void main(String[] args) throws Exception {

  //EM API service URL on Unified CM host host.com

  //Note this sample assumes the certificate for the host with subject

  //name 'cucm-host.com' has been imported into the Java keystore

  //To test with insecure connection use the URL as http://cucm-host.com:8080/emservice/EMServiceServlet

  URL url = new URL("https://192.168.10.11:8443/emservice/EMServiceServlet");

  

  //Create a java.net URLConnection object to make the HTTP request

  URLConnection conn = url.openConnection();

  //setDoOutput=true causes the URLConnection to perform a POST operation

  conn.setDoOutput(true);

  //The request body will be in HTTP form encoded format

  conn.setRequestProperty("Content-Type","application/x-www-form-urlencoded");

  

  //Build a string containing the contents of the E/M API XML request - here 'login'

  String EMRequest = "<request><appinfo><appid>operator</appid><appcertificate>operator</appcertificate></appinfo>";

  EMRequest += "<login><devicename>SEP000000000001</devicename><userid>user01</userid><deviceprofile>EM-USER01</deviceprofile>";

  EMRequest += "<exclusiveduration><time>60</time></exclusiveduration></login></request>";

  //URL encode/escape the request

  EMRequest = URLEncoder.encode(EMRequest,"UTF-8");

  //Build the complete HTTP form request body

  EMRequest = "xml="+EMRequest;

  

  //Create an OutputStreamWriter for the URLConnection object and make the request

  OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());

  writer.write(EMRequest);

  writer.flush();

  

  //Read the response

  BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));

  

  //Output the response to the console

  String line;

  while ((line = reader.readLine()) != null) {

  System.out.println(line);

  }

  

  //Cleanup the stream objects

  writer.close();

  reader.close();

  }

  private static void disableSslVerification() {

     try

     {

         // Create a trust manager that does not validate certificate chains

         TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {

             public java.security.cert.X509Certificate[] getAcceptedIssuers() {

                 return null;

             }

             public void checkClientTrusted(X509Certificate[] certs, String authType) {

             }

             public void checkServerTrusted(X509Certificate[] certs, String authType) {

             }

         }

         };

         // Install the all-trusting trust manager

         SSLContext sc = SSLContext.getInstance("SSL");

         sc.init(null, trustAllCerts, new java.security.SecureRandom());

         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

         // Create all-trusting host name verifier

         HostnameVerifier allHostsValid = new HostnameVerifier() {

             public boolean verify(String hostname, SSLSession session) {

                 return true;

             }

         };

         // Install the all-trusting host verifier

         HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

     } catch (NoSuchAlgorithmException e) {

         e.printStackTrace();

     } catch (KeyManagementException e) {

         e.printStackTrace();

     }

  }

}

We have followed the steps, but we can not solve the SSL error:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)

at asd.asdf.main(asdf.java:41)

Caused by: java.security.cert.CertificateException: No subject alternative names present

at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)

at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)

... 13 more

Is there any solution to fix this error?

We also have imported the certificate, but it is still not working.

1 Accepted Solution

Accepted Solutions

npetrele
Cisco Employee
Cisco Employee

There is a problem either with the certificate, or how you imported it.  This link at coderanch might provide some help for you:

Getting error No subject alternative names when doing secure URL connection (Security forum at JavaRanch)

View solution in original post

1 Reply 1

npetrele
Cisco Employee
Cisco Employee

There is a problem either with the certificate, or how you imported it.  This link at coderanch might provide some help for you:

Getting error No subject alternative names when doing secure URL connection (Security forum at JavaRanch)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: