Loading

Getting No subject alternative names present when calling SSL enabled application

Veröffentlichungsdatum: Jul 25, 2025
Aufgabe

The aim of this article is to provide a solution for "No subject alternative names present" exception when calling SSL Enabled (HTTPS endpoint)

Schritte

PROBLEM

When making a call to SSL/HTTPS Endpoint on mule server using server's IP address users may get 'No subject alternative names present' exceptions.
Client applications behind DMZ with no access to DNS to resolve the hostname will need the approach in this KB to be able to expose the service that can serve requests using both DNS and IP address.

SYMPTOM

When the client application is calling the SSL enabled application, they will get following exception: 
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_77]
        ...
Caused by: java.security.cert.CertificateException: No subject alternative names present
	at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[?:1.8.0_77]
       ...​

SOLUTION

    You are not supposed to use IP address in CN when creating a certificate for your SSL endpoint, you need to set CN to the hostname (sample.com). In order to serve requests that using IP address, you can use the subject alternative name (san) for this purpose to add IP Address (static ip) of the application to certificate's extensions. 

You can use the following syntax to generate a self-signed keypair, in this sample application is called "sample.com" with public ip "ip:53.63.109.45". Using this certificate, client applications can call the exposed endpoint using both public IP and sample.com. 

keytool -genkeypair -v -alias mbh -keystore keystore-ssl.jks -storepass mani1234 -keypass mani1234 -keyalg RSA -storetype JKS -validity 2000 -keysize 2048 -dname "CN=sample.com, OU=Support, O=Mulesoft, L=Syd, ST=NSW, C=AU"  -ext san=ip:53.63.109.45
Nummer des Knowledge-Artikels

001114640

 
Laden
Salesforce Help | Article