问题
I'm using Apache HttpComponents HttpClient(4.0.1) to make a HTTPS call, but I'm this exception as the response:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
I provided all the required paramters. The destination system doesn't require any user name/password or proxy, but it contains JKS csrtificates that are installed in server. The user name and passwords are blank values.
This is working with org.apache.commons.httpclient.methods.PostMethod - Version 3.0 - commons-httpclient-3.0.jar
Now we have implemented with org.apache.http.client.methods.HttpPost - Version 4.0.1 - commons-httpclient.jar
This is the sample code snippet which is not working:
HttpParams param = new BasicHttpParams();
HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(param, "UTF-8");
HttpProtocolParams.setUseExpectContinue(param, true);
DefaultHttpClient httpClient = new DefaultHttpClient(param);
httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000)));
httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000)));
httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)),
AuthScope.ANY_REALM),
new UsernamePasswordCredentials("", ""));
try {
HttpPost httpPost = new HttpPost(END POINT URL);
StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8");
httpPost.setEntity(requestEntity);
response = httpClient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
if (null != responseEntity)
{
responseBody = EntityUtils.toString(responseEntity);
}
if (null != httpPost.getURI()) {
url = httpPost.getURI().toString();
}
} catch (IOException e) {
e.printStackTrace();
} finally {
httpClient.getConnectionManager().shutdown();
}
回答1:
The exception message
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
doesn't always indicate the root cause of the issue.
You may need to enable the SSL handshake debug by adding theJava VM parameter -Djavax.net.debug=ssl:handshake.
Once you've added that you will get more helpful error messages.
If the remote server uses a certificate that is not trusted you will see the following error message:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
If that is the case then the answer by @Abhishek will solve the issue.
回答2:
as mentioned above either you import the certificate
- Start command prompt in directory which you have placed certificate (e.g. XYZ.cer)
- Run following command just change the active jre path (and please notice ~ symbol )
keytool -import -alias XYZ -file XYZ.cer -keystore C:/Program~1/Java/jdk1.6.0_23/jre/lib/security/cacerts -storepass changeit
OR
use your own trust manager http://tech.chitgoks.com/2011/04/24/how-to-avoid-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-problem-using-apache-httpclient/
回答3:
Any SSL connection issue can result in this error.
One of my solution is upgrade java from 6 to 8. Our problem is the server we meant to communicate is stop supporting TLS 1.0. And java 6 does not support upper version of TLS 1.0. After update Java (even without upgrade dropwizard) it works.
回答4:
Make sure that the server URL is supposed to use https instead of http. You can get this error trying to set up a secure connection to an http URL.
来源:https://stackoverflow.com/questions/6276435/why-am-i-getting-an-exception-javax-net-ssl-sslpeerunverifiedexception-peer-not