I'm trying to generate a webservice client using wsimport from https wsdl:
call wsimport -d bin -s src -p mypackage.ws https://x.x.x.x:8181/services/SomeService?wsdl
For solving security errors I added a server's certificate to Java's keystore:
keytool -import -keystore c:\Java\jdk1.6.0_38\jre\lib\security\cacerts -file c:\ca-dev.crt
But when I do wsimport error appears:
[ERROR] java.security.cert.CertificateException: No subject alternative names present
Failed to read the WSDL document: https://x.x.x.x:8181/services/SomeService?wsdl, because 1) could not find the document; /2) the document could not
be read; 3) the root element of the document is not .
[ERROR] failed.noservice=Could not find wsdl:service in the provided WSDL(s):
At least one WSDL with at least one service definition needs to be provided.
Failed to parse the WSDL.
SOLVED!
Added entry with name same as certificate's CN to hosts file.
An SSL certificate is based on hostnames. Either the certificate's CN must be the hostname you are trying to access, or it must have an optional Subject Alternative Name entry which exactly matches the hostname you are trying to access.
If possible, make sure the hostname in your https URL exactly matches the CN or one of the Subject Alternative Names in the certificate. Many certificates have no Subject Alternative Names, so don't stress if you can't find any when you examine the certificate.
Sometimes referring to the hostname in this manner isn't possible, such as when port 8181 is only accessible inside a LAN and referring to the machine by its full and proper hostname would use an Internet route to reach it. As far as I know, there is no command-line means of disabling certificate checking. One (obviously non-portable) workaround is to add an entry to your hosts
file, which is typically located at %SystemRoot%\system32\drivers\etc\hosts
in Windows, so you can refer to the server with the hostname that is in the certificate.