开发者

Why am I getting an exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated?

I'm using Apache HttpComponents HttpClient(4.0.1) to make a HTTPS call, but I'm this exception as the response:

 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)

I provided all the required paramters. The destination system doesn't require any user name/password or proxy, but it contains JKS csrtifica开发者_运维技巧tes that are installed in server. The user name and passwords are blank values.

This is working with org.apache.commons.httpclient.methods.PostMethod - Version 3.0 - commons-httpclient-3.0.jar Now we have implemented with org.apache.http.client.methods.HttpPost - Version 4.0.1 - commons-httpclient.jar

This is the sample code snippet which is not working:

HttpParams param = new BasicHttpParams();
HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(param, "UTF-8");
HttpProtocolParams.setUseExpectContinue(param, true);
DefaultHttpClient httpClient = new DefaultHttpClient(param);
httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000)));
httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000)));
httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)),
    AuthScope.ANY_REALM),
    new UsernamePasswordCredentials("", ""));

try {
HttpPost httpPost = new HttpPost(END POINT URL);
StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8");
httpPost.setEntity(requestEntity);
response = httpClient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
if (null != responseEntity) 
{
    responseBody = EntityUtils.toString(responseEntity);
}
if (null != httpPost.getURI()) {
    url = httpPost.getURI().toString();
}
} catch (IOException e) {
    e.printStackTrace();
} finally {
   httpClient.getConnectionManager().shutdown();
}


The exception message

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

doesn't always indicate the root cause of the issue. You may need to enable the SSL handshake debug by adding theJava VM parameter -Djavax.net.debug=ssl:handshake. Once you've added that you will get more helpful error messages. If the remote server uses a certificate that is not trusted you will see the following error message:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If that is the case then the answer by @Abhishek will solve the issue.


as mentioned above either you import the certificate

  1. Start command prompt in directory which you have placed certificate (e.g. XYZ.cer)
  2. Run following command just change the active jre path (and please notice ~ symbol )
  3. keytool -import -alias XYZ -file XYZ.cer -keystore C:/Program~1/Java/jdk1.6.0_23/jre/lib/security/cacerts -storepass changeit

                               OR
    

use your own trust manager http://tech.chitgoks.com/2011/04/24/how-to-avoid-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-problem-using-apache-httpclient/


Any SSL connection issue can result in this error.

One of my solution is upgrade java from 6 to 8. Our problem is the server we meant to communicate is stop supporting TLS 1.0. And java 6 does not support upper version of TLS 1.0. After update Java (even without upgrade dropwizard) it works.


Make sure that the server URL is supposed to use https instead of http. You can get this error trying to set up a secure connection to an http URL.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜