Tlssimple example is giving this exception when trying to start worker: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 127.0.0.1 found

I am trying the tlssimple example:

but when trying to start the worker, I get the exception:

    WorkflowServiceStubs service =
        WorkflowServiceStubs.newInstance(
            WorkflowServiceStubsOptions.newBuilder()
                .setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).build())
                .build());

tlssimple example is giving this exception when trying to start worker: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 127.0.0.1 found

I wasn’t able to reproduce your particular error, but tried locally and this worked for me (java sdk version 1.12.0):

    WorkflowServiceStubs service = null;
    try {
      service =
          WorkflowServiceStubs.newServiceStubs(
              WorkflowServiceStubsOptions.newBuilder()
                  .setSslContext(
                      SimpleSslContextBuilder.forPKCS8(CLIENT_CERT, CLIENT_KEY)
                          .setUseInsecureTrustManager(true)
                          .build())
                  .build());
    } catch (SSLException e) {
      e.printStackTrace();
    }

I added .setUseInsecureTrustManager(true) and now I get

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alert.createSSLException(Alert.java:131)

What's the Java and Temporal Java SDK version you are using?
Could you provide your code to reproduce this error?

I tried

    WorkflowServiceStubs service =
        WorkflowServiceStubs.newInstance(
            WorkflowServiceStubsOptions.newBuilder()
                .setSslContext(
                    SimpleSslContextBuilder.forPKCS8(clientCert, clientKey)
                        .setUseInsecureTrustManager(true)
                        .build())
                .build());

and now I get

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:357)
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:203

I am using jdk1.8.0_291

package com.crisil.workflow.worker;

import moneytransferapp.Shared;
import io.temporal.client.WorkflowClient;
import io.temporal.serviceclient.WorkflowServiceStubs;
import io.temporal.serviceclient.WorkflowServiceStubsOptions;

import io.temporal.worker.Worker;
import io.temporal.worker.WorkerFactory;

import com.crisil.workflow.activity.common.impl.CommonActivityImpl;
import com.crisil.workflow.workflow.impl.WASscenarioexpansionImpl;
import com.crisil.workflow.activity.impl.WASActivityscenarioexpansionImpl;
import com.crisil.workflow.workflow.impl.WASgetDataForCreateScenarioPageImpl;
import com.crisil.workflow.activity.impl.WASActivitygetDataForCreateScenarioPageImpl;
import com.crisil.workflow.workflow.impl.WASgetDataForrfsetsPageImpl;
import com.crisil.workflow.activity.impl.WASActivitygetDataForrfsetsPageImpl;
import com.crisil.workflow.workflow.impl.WASevalrfsetsImpl;
import com.crisil.workflow.activity.impl.WASActivityevalrfsetsImpl;

import io.temporal.serviceclient.SimpleSslContextBuilder;
import java.io.FileInputStream;
import java.io.InputStream;

// @@@SNIPSTART money-transfer-project-template-java-worker
public class WASWorkerscenarioexpansion {

  public static void main(String[] args) throws Exception {

    InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");
    // PKCS8 client key, which should look like:
    // -----BEGIN PRIVATE KEY-----
    // ...
    // -----END PRIVATE KEY-----
    // InputStream clientKey = new FileInputStream("C:\\data\\certs\\client.pfx");
    InputStream clientKey = new FileInputStream("C:\\data\\certs\\client.key");

    // For Temporal Cloud this would likely be ${namespace}.tmprl.cloud:7233
    // String targetEndpoint = System.getenv("TEMPORAL_ENDPOINT");
    // Your registered Namespace.
    // String namespace = System.getenv("TEMPORAL_NAMESPACE");
    // Create SSL enabled client by passing SslContext, created by SimpleSslContextBuilder.

    // SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).build();

    // WorkflowServiceStubs service =
    //     WorkflowServiceStubs.newInstance(
    //         WorkflowServiceStubsOptions.newBuilder()
    //             .setSslContext(SimpleSslContextBuilder.forPKCS12(clientKey).build())

    WorkflowServiceStubs service =
        WorkflowServiceStubs.newInstance(
            WorkflowServiceStubsOptions.newBuilder()
                .setSslContext(
                    SimpleSslContextBuilder.forPKCS8(clientCert, clientKey)
                        .setUseInsecureTrustManager(true)
                        .build())
                .build());

    // WorkflowServiceStubs is a gRPC stubs wrapper that talks to the local Docker instance of the Temporal server.
    // WorkflowServiceStubs service = WorkflowServiceStubs.newInstance();
    WorkflowClient client = WorkflowClient.newInstance(service);
    // Worker factory is used to create Workers that poll specific Task Queues.
    WorkerFactory factory = WorkerFactory.newInstance(client);
    Worker worker = factory.newWorker("WAS_TASK_QUEUE_scenarioexpansion");
    // This Worker hosts both Workflow and Activity implementations.
    // Workflows are stateful so a type is needed to create instances.
    worker.registerWorkflowImplementationTypes(
        WASscenarioexpansionImpl.class,
        WASgetDataForCreateScenarioPageImpl.class,
        WASgetDataForrfsetsPageImpl.class,
        WASevalrfsetsImpl.class);
    // Activities are stateless and thread safe so a shared instance is used.
    worker.registerActivitiesImplementations(
        new CommonActivityImpl(),
        new WASActivityscenarioexpansionImpl(),
        new WASActivitygetDataForCreateScenarioPageImpl(),
        new WASActivitygetDataForrfsetsPageImpl(),
        new WASActivityevalrfsetsImpl());
    // Start listening to the Task Queue.
    factory.start();
  }
}
// @@@SNIPEND

I believe that your

InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");

should be using the pem file:

InputStream clientCert = new FileInputStream("C:\\data\\certs\\client.pem");

Make sure you are also using the certs that are generated by generate-test-certs.sh

Yes, using the certs that are generated by generate-test-certs.sh

Issue is resolved.

I changed

 InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");

to

InputStream clientCert = new FileInputStream("C:\\data\\certs\\client.pem");
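
Both handshake failures in this thread can be checked on the certificate files before the worker is started. The script below is an added example, not part of the thread or of Temporal's samples: it builds throwaway certificates with openssl (all names and the temp directory are constructed for the demo) and checks whether a certificate belongs to a private key, the property that a certificate paired with someone else's key lacks, and whether a server certificate's SANs cover 127.0.0.1.

```shell
#!/bin/sh
# Added example. Every certificate here is a throwaway, constructed in a temp dir.

# 0 if the certificate's public key belongs to the (unencrypted PEM) private key.
cert_matches_key() {  # cert_matches_key CERT KEY
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# 0 if an iPAddress SAN in the certificate covers the given address.
cert_covers_ip() {  # cert_covers_ip CERT IP
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

# Issue DIR/NAME.pem and DIR/NAME.key, signed by DIR/ca.cert, with one extension line.
issue_cert() {  # issue_cert DIR NAME EXTENSION
  printf '%s\n' "$3" > "$1/$2.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.cert" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# Constructed CA, one client cert, and two server certs (without and with an IP SAN).
make_test_certs() {  # make_test_certs DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$1/ca.key" -out "$1/ca.cert" 2>/dev/null &&
  issue_cert "$1" client "basicConstraints=CA:FALSE" &&
  issue_cert "$1" server-nosan "basicConstraints=CA:FALSE" &&
  issue_cert "$1" server-san "subjectAltName=IP:127.0.0.1"
}

demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
make_test_certs "$demo_dir" || { echo "openssl could not build the test certs" >&2; exit 1; }

report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fi; }
report cert_matches_key "$demo_dir/client.pem" "$demo_dir/client.key"   # ok
report cert_matches_key "$demo_dir/ca.cert" "$demo_dir/client.key"      # FAIL
report cert_covers_ip "$demo_dir/server-san.pem" 127.0.0.1              # ok
report cert_covers_ip "$demo_dir/server-nosan.pem" 127.0.0.1            # FAIL
```

Run against real files, `cert_matches_key client.pem client.key` should succeed before the pair is passed to `SimpleSslContextBuilder.forPKCS8`. A server certificate that passes `cert_covers_ip` for the address the client dials removes the need for `setUseInsecureTrustManager(true)`, which turns off server certificate verification.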