Why am I getting an exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated?
I'm using Apache HttpComponents HttpClient(4.0.1) to make a HTTPS call, but I'm this exception as the response:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
I provided all the required paramters. The destination system doesn't require any user name/password or proxy, but it contains JKS csrtifica开发者_运维技巧tes that are installed in server. The user name and passwords are blank values.
This is working with org.apache.commons.httpclient.methods.PostMethod
- Version 3.0 - commons-httpclient-3.0.jar
Now we have implemented with org.apache.http.client.methods.HttpPost
- Version 4.0.1 - commons-httpclient.jar
This is the sample code snippet which is not working:
HttpParams param = new BasicHttpParams();
HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(param, "UTF-8");
HttpProtocolParams.setUseExpectContinue(param, true);
DefaultHttpClient httpClient = new DefaultHttpClient(param);
httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000)));
httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000)));
httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)),
AuthScope.ANY_REALM),
new UsernamePasswordCredentials("", ""));
try {
HttpPost httpPost = new HttpPost(END POINT URL);
StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8");
httpPost.setEntity(requestEntity);
response = httpClient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
if (null != responseEntity)
{
responseBody = EntityUtils.toString(responseEntity);
}
if (null != httpPost.getURI()) {
url = httpPost.getURI().toString();
}
} catch (IOException e) {
e.printStackTrace();
} finally {
httpClient.getConnectionManager().shutdown();
}
The exception message
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
doesn't always indicate the root cause of the issue.
You may need to enable the SSL handshake debug by adding theJava VM parameter -Djavax.net.debug=ssl:handshake
.
Once you've added that you will get more helpful error messages.
If the remote server uses a certificate that is not trusted you will see the following error message:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
If that is the case then the answer by @Abhishek will solve the issue.
as mentioned above either you import the certificate
- Start command prompt in directory which you have placed certificate (e.g. XYZ.cer)
- Run following command just change the active jre path (and please notice ~ symbol )
keytool -import -alias XYZ -file XYZ.cer -keystore C:/Program~1/Java/jdk1.6.0_23/jre/lib/security/cacerts -storepass changeit
OR
use your own trust manager http://tech.chitgoks.com/2011/04/24/how-to-avoid-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-problem-using-apache-httpclient/
Any SSL connection issue can result in this error.
One of my solution is upgrade java from 6 to 8. Our problem is the server we meant to communicate is stop supporting TLS 1.0. And java 6 does not support upper version of TLS 1.0. After update Java (even without upgrade dropwizard) it works.
Make sure that the server URL is supposed to use https instead of http. You can get this error trying to set up a secure connection to an http URL.
精彩评论