Loading

Getting No subject alternative names present when calling SSL enabled application

Data pubblicazione: Jul 25, 2025
Operazione

The aim of this article is to provide a solution for "No subject alternative names present" exception when calling SSL Enabled (HTTPS endpoint)

Fasi

PROBLEM

When making a call to SSL/HTTPS Endpoint on mule server using server's IP address users may get 'No subject alternative names present' exceptions.
Client applications behind DMZ with no access to DNS to resolve the hostname will need the approach in this KB to be able to expose the service that can serve requests using both DNS and IP address.

SYMPTOM

When the client application is calling the SSL enabled application, they will get following exception: 
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_77]
        ...
Caused by: java.security.cert.CertificateException: No subject alternative names present
	at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[?:1.8.0_77]
       ...​

SOLUTION

    You are not supposed to use IP address in CN when creating a certificate for your SSL endpoint, you need to set CN to the hostname (sample.com). In order to serve requests that using IP address, you can use the subject alternative name (san) for this purpose to add IP Address (static ip) of the application to certificate's extensions. 

You can use the following syntax to generate a self-signed keypair, in this sample application is called "sample.com" with public ip "ip:53.63.109.45". Using this certificate, client applications can call the exposed endpoint using both public IP and sample.com. 

keytool -genkeypair -v -alias mbh -keystore keystore-ssl.jks -storepass mani1234 -keypass mani1234 -keyalg RSA -storetype JKS -validity 2000 -keysize 2048 -dname "CN=sample.com, OU=Support, O=Mulesoft, L=Syd, ST=NSW, C=AU"  -ext san=ip:53.63.109.45
Numero articolo Knowledge

001114640

 
Caricamento
Salesforce Help | Article