Hello everybody,
this is my first post here…so let’s how it will work out…
We are currently trying to switch from Eclipse Paho MQTT client to the new HiveMy client library (version 1.2)
For testing purpose we set up a local HiveMQ 4.4 broker with SSL Listener enabled at standard port 8883 using a server side JKS file used as the “KeyStore”.
We also have the corresponding client side JKS file which would be the “TrustStore” with defined password.
Using MQTT.fx locally we are able to connect with SSL using exactly this client side JKS file with password without problems.
However when trying to connect with the hivemq client we keep getting this exception:
Could not connect...
com.hivemq.client.mqtt.exceptions.ConnectionFailedException: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 127.0.0.1 found
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 127.0.0.1 found
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
...
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 127.0.0.1 found
at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:160)
at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:429)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:619)
... 32 more
Here is our test code:
@Test
public void asyncConnectPublish() throws ExecutionException, InterruptedException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException {
final String jksPath = "C:\\Temp\\jks\\hivemq_ext\\hivemq.jks";
final String jksPW = "***";
final InputStream inputStream = new FileInputStream(new File(jksPath));
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(inputStream, jksPW.toCharArray());
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
final Mqtt3AsyncClient client = MqttClient.builder()
.identifier("myTestClient_" + UUID.randomUUID().toString().substring(0, 7))
.serverHost("127.0.0.1")
.serverPort(8883)
.sslConfig()
.trustManagerFactory(trustManagerFactory)
.applySslConfig()
.useMqttVersion3()
.buildAsync();
final Mqtt3ConnAck mqtt3ConnAck = client.connectWith()
.simpleAuth()
.username("admin")
.password("***".getBytes())
.applySimpleAuth()
.send()
.whenComplete((connAck, throwable) -> {
if (throwable != null) {
// Handle connection failure
System.out.println("Could not connect...");
throwable.printStackTrace();
} else {
System.out.println("Mqtt Client connected.");
// Setup subscribes or start publishing
}
})
.get();
assertNotNull(mqtt3ConnAck);
}
We are quite clueless what could be the problem since this config works fine in MQTT.fx
Any help would be greatly appreciated!
Thank you,
Johannes