未使用goDaddy證書驗證Https主機名

Question

我試圖使用我的端點下列出的兩個goDaddy證書訪問我的服務器。堆棧中的三個證書是My cert> Go Daddy安全證書頒發機構-G2> Go Daddy根證書頒發機構 - G2。我從Go Daddy Repository下載了安全和根證書，現在已經添加到我的android應用程序原始資源文件夾中。即使在那裏它仍然給我這個錯誤

javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified: 

我不知道我應該接下來做什麼。我嘗試了很多組合，所以我認爲我需要一種不同的方式來做到這一點。

這是我到目前爲止; 我的HttpsClient代碼;

public class MyHttpsGet extends AsyncTask<String, Void, String> { 

Context context; 

int cert; 
int interCert; 
boolean allowHost; 
private String username; 
private String password; 

//this is used if you need a password and username 
//mainly for logins to a webserver 
public MyHttpsGet(String username, String password, Context context, int cert, int intermedCert) 
{ 
    this.context = context; 
    this.cert = cert; 
    this.interCert = intermedCert; 
    this.username = username; 
    this.password = password; 

} 

//used for image downloading 
public MyHttpsGet(){} 

@Override 
protected String doInBackground(String... params) { 
    String url = params[0]; 
    return httpsDownloadData(url, context, cert, interCert); 
} 

public String httpsDownloadData (String urlString, Context context, int certRawResId, int certIntermedResId) 
{ 
    String respone = null; 

    try { 
     // build key store with ca certificate 
     KeyStore keyStore = buildKeyStore(context, certRawResId, certIntermedResId); 


     // Create a TrustManager that trusts the CAs in our KeyStore 
     String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 
     TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); 
     tmf.init(keyStore); 

     // Create an SSLContext that uses our TrustManager 
     SSLContext sslContext = SSLContext.getInstance("TLS"); 
     sslContext.init(null, tmf.getTrustManagers(), null); 

     // Create a connection from url 
     URL url = new URL(urlString); 
     if (username != null) { 
      Authenticator.setDefault(new Authenticator() { 
       @Override 
       protected PasswordAuthentication getPasswordAuthentication() { 
        return new PasswordAuthentication(username, password.toCharArray()); 
       } 
      }); 
     } 
     HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); 
     urlConnection.setSSLSocketFactory(sslContext.getSocketFactory()); 


     int statusCode = urlConnection.getResponseCode(); 
     Log.d("Status code: ", Integer.toString(statusCode)); 


     InputStream inputStream = urlConnection.getInputStream(); 
     if (inputStream != null) { 
      respone = streamToString(inputStream); 
      inputStream.close(); 
     } 

    }catch (IOException e) { 
     e.printStackTrace(); 
    } catch (NoSuchAlgorithmException e) { 
     e.printStackTrace(); 
    } catch (KeyStoreException e) { 
     e.printStackTrace(); 
    } catch (KeyManagementException e) { 
     e.printStackTrace(); 
    } 

    Log.d("MyHttps Respones: ", respone); 
    return respone; 
} 


private static KeyStore buildKeyStore(Context context, int certRawResId, int interCert){ 
    // init a default key store 
    String keyStoreType = KeyStore.getDefaultType(); 
    KeyStore keyStore = null; 
    try { 
     keyStore = KeyStore.getInstance(keyStoreType); 
     keyStore.load(null, null); 

     // read and add certificate authority 
     Certificate cert2 = readCert(context, interCert); 
     Certificate cert = readCert(context, certRawResId); 
     keyStore.setCertificateEntry("ca" , cert2); 
     keyStore.setCertificateEntry("ca", cert); 



    } catch (CertificateException e) { 
     e.printStackTrace(); 
    } catch (NoSuchAlgorithmException e) { 
     e.printStackTrace(); 
    } catch (KeyStoreException e) { 
     e.printStackTrace(); 
    } catch (IOException e) { 
     e.printStackTrace(); 
    } 
    return keyStore; 

} 

private static Certificate readCert(Context context, int certResourceId) throws IOException { 

    // read certificate resource 
    InputStream caInput = context.getResources().openRawResource(certResourceId); 

    Certificate ca = null; 
    try { 
     // generate a certificate 
     CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
     ca = cf.generateCertificate(caInput); 
    } catch (CertificateException e) { 
     e.printStackTrace(); 
    } finally { 
     caInput.close(); 
    } 

    return ca; 
} 

//this is used for downloading strings from an http or https connection 
private String streamToString(InputStream is) throws IOException { 

    StringBuilder sb = new StringBuilder(); 
    BufferedReader rd = new BufferedReader(new InputStreamReader(is)); 
    String line; 
    while ((line = rd.readLine()) != null) { 
     sb.append(line); 
    } 

    return sb.toString(); 
} 


} 

這裏是我怎麼叫它/使用它：

MyHttpsGet task = new MyHttpsGet(username, password,myContext, R.raw.gdroot_g2, R.raw.gdintermed); 
     try { 
      myJson = task.execute(myUrl).get(); 
      Log.d("Json: " , myJson); 
     } catch (InterruptedException e) { 
      e.printStackTrace(); 
     } catch (ExecutionException e) { 
      e.printStackTrace(); 
     } 
     new runningMan().execute(); 

感謝您的任何幫助。

這裏是我的證書鏈

Answer 1

錯誤消息說apivitacrm.elasticbeanstalk.com的照片，但你那麼黑掉你的證書中的通配符名稱。爲什麼？

好吧，無論它是什麼，它看起來像一個a開頭，所以它絕對不是*.elasticbeanstalk.com通配符證書。

這意味着錯誤信息是正確的。證書不屬於給定的域名。

即使它是一個*.apivitacrm.elasticbeanstalk.com通配符（儘管這個通配符看起來不夠寬），但它仍然不會匹配apivitacrm.elasticbeanstalk.com，因爲它只與子域匹配。