Whether the certificate in SSL can use IP instead of domain name

Preface: Listen to others said before the generation of certificates can use IP address, today with examples to confirm the use of IP address is not.

Scenario One:

The name specified when generating a certificate is an IP address

Example is a single sign-on example, Web.xml is configured as follows:

<!--the filter is responsible for the user's authentication, it must be enabled--> <filter> <filter-name>CASFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-pa Ram> <param-name>casServerLoginUrl</param-name> <param-value>https://172. 18.113.78:8443/casserver/login</param-value> <!--The server here is the IP--> of the service side </init-param&  
        Gt <init-param> <param-name>serverName</param-name> &LT;PARAM-VALUE&GT;HTTP://1  
        27.0.0.1:8080/</param-value> </init-param> </filter> <filter-mapping> <filter-name>CASFilter</filter-name> <url-pattern>/*</url-pattern </filter-map Ping> <!--The filter is responsible for ticket calibration, it must be enabled--> <!--Validationfilter This filter is responsible for validating the request parameter ticket (TI Cket parameter is responsible for the childCredentials for authentication interaction with CAS Casserverurlprefix:cas service access address ServerName: Host name for current application--> <filter> <filter-name&gt ; CAS Validation filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas 20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <para M-name>casserverurlprefix</param-name> <param-value>https://172.18.113.78:8443/casserver</ param-value> </init-param> <init-param> <param-name>servername</  
        Param-name> <param-value>http://127.0.0.1:8080</param-value> </init-param> <init-param> <param-name>encoding</param-name> <param-value>ut f-8</param-value> </init-param> </filter> <filter-mapping> <fil Ter-name>cas ValidatIon Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 

The HTTPS protocol is specified in the above configuration, and the name specified when the certificate was generated is 172.18.113.78 in the previous figure, with an error after access, as follows:

Serious: Servlet.service () for Servlet [JSP] in context with path [/uum] threw exception JAVA.LANG.RUNTIMEEXCEPTION:JAVAX.N Et.ssl.SSLHandshakeException:java.security.cert.CertificateException:No Subject alternative names present at ORG.J Asig.cas.client.util.CommonUtils.getResponseFromServer (commonutils.java:341) at Org.jasig.cas.client.util.CommonUtils.getResponseFromServer (commonutils.java:305) at Org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer ( ABSTRACTCASPROTOCOLURLBASEDTICKETVALIDATOR.JAVA:50) at Org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate (Abstracturlbasedticketvalidator.java : 207) at Org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter ( abstractticketvalidationfilter.java:169) at Org.apache.catalina.core.ApplicationFilterChain.internalDoFilter ( applicationfilterchain.java:243) at Org.apache.catalina.core.ApplicationFilterChain.doFilter (applicationfilterchain.java:210) at Org.jasig.cas.client.authentication.AuthenticationFilter.doFilter ( authenticationfilter.java:116) at Org.apache.catalina.core.ApplicationFilterChain.internalDoFilter ( applicationfilterchain.java:243) at Org.apache.catalina.core.ApplicationFilterChain.doFilter ( applicationfilterchain.java:210) at Org.jasig.cas.client.session.SingleSignOutFilter.doFilter ( singlesignoutfilter.java:76) at Org.apache.catalina.core.ApplicationFilterChain.internalDoFilter ( applicationfilterchain.java:243) at Org.apache.catalina.core.ApplicationFilterChain.doFilter ( applicationfilterchain.java:210) at Fi.common.filter.SetCharacterEncodingFilter.doFilter ( setcharacterencodingfilter.java:125) at Org.apache.catalina.core.ApplicationFilterChain.internalDoFilter ( applicationfilterchain.java:243) at Org.apache.catalina.core.ApplicationFilterChain.doFilter ( applicationfilterchain.java:210) at Org.apache.catalina.core.StandardWrapperValve. Invoke (standardwrappervalve.java:240) at Org.apache.catalina.core.StandardContextValve.invoke ( standardcontextvalve.java:164) at Org.apache.catalina.authenticator.AuthenticatorBase.invoke ( authenticatorbase.java:462) at Org.apache.catalina.core.StandardHostValve.invoke (standardhostvalve.java:164) A T Org.apache.catalina.valves.ErrorReportValve.invoke (errorreportvalve.java:100) at Org.apache.catalina.valves.AccessLogValve.invoke (accesslogvalve.java:562) at Org.apache.catalina.core.StandardEngineValve.invoke (standardenginevalve.java:118) at Org.apache.catalina.connector.CoyoteAdapter.service (coyoteadapter.java:395) at Org.apache.coyote.http11.Http11Processor.process (http11processor.java:250) at Org.apache.coyote.http11.http11protocol$http11connectionhandler.process (http11protocol.java:188) at Org.apache.coyote.http11.http11protocol$http11connectionhandler.process (http11protocol.java:166) at Org.apache.tomcat.util.net.JIoEndpOint$socketprocessor.run (jioendpoint.java:302) at Java.util.concurrent.threadpoolexecutor$worker.runtask (  
    threadpoolexecutor.java:886) at Java.util.concurrent.threadpoolexecutor$worker.run (ThreadPoolExecutor.java:908) At Java.lang.Thread.run (thread.java:619) caused by:javax.net.ssl.SSLHandshakeException: Java.security.cert.CertificateException:No Subject alternative names present at Com.sun.net.ssl.internal.ssl.Alerts  
    . Getsslexception (alerts.java:174) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal (sslsocketimpl.java:1591) At Com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (handshaker.java:187) at Com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (handshaker.java:181) at Com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (clienthandshaker.java:1035) at Com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (clienthandshaker.java:124) at Com.sun.net.ssl.internal.ssl.Handshaker.processLoop (handshaker.java:516)  
    At Com.sun.net.ssl.internal.ssl.Handshaker.process_record (handshaker.java:454) at COM.SUN.NET.SSL.INTERNAL.SS L.sslsocketimpl.readrecord (sslsocketimpl.java:884) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake (sslsocketimpl.java:1096) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake (sslsocketimpl.java:1123) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake (sslsocketimpl.java:1107) at Sun.net.www.protocol.https.HttpsClient.afterConnect (httpsclient.java:415) at Sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (Abstractdelegatehttpsurlconnection.java : 166) at Sun.net.www.protocol.http.HttpURLConnection.getInputStream (httpurlconnection.java:1026) at Sun.net.ww W.protocol.https.httpsurlconnectionimpl.getinputstream (httpsurlconnectionimpl.java:234) at Org.jasig.cas.client.util.CommonUtils.getResponseFromServer (commonutils.java:328) ... More caused BY:JAVA.SECURity.cert.CertificateException:No Subject alternative names present at Sun.security.util.HostnameChecker.matchIP (Ho stnamechecker.java:142) at Sun.security.util.HostnameChecker.match (hostnamechecker.java:75) at Com.sun.net.ssl . Internal.ssl.X509TrustManagerImpl.checkIdentity (x509trustmanagerimpl.java:264) at Com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted (x509trustmanagerimpl.java:250) at Com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (clienthandshaker.java:1014) ... More