Return-Path: Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: (qmail 11010 invoked from network); 19 May 2009 12:14:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 19 May 2009 12:14:35 -0000 Received: (qmail 35353 invoked by uid 500); 19 May 2009 12:14:34 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 35306 invoked by uid 500); 19 May 2009 12:14:34 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 35296 invoked by uid 99); 19 May 2009 12:14:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 May 2009 12:14:34 +0000 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=FORGED_YAHOO_RCVD,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 May 2009 12:14:24 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1M6OCp-0000OS-69 for httpclient-users@hc.apache.org; Tue, 19 May 2009 05:14:03 -0700 Message-ID: <23615152.post@talk.nabble.com> Date: Tue, 19 May 2009 05:14:03 -0700 (PDT) From: realflash To: httpclient-users@hc.apache.org Subject: Re: using SSL in a development environment In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: flash666@yahoo.com References: X-Virus-Checked: Checked by ClamAV on apache.org Bill Higgins-2 wrote: > > Hi I'm working in a development environment where our servers use > self-signed certificates. I want to use HttpClient 4 to connect to these > servers and basically ignore any security errors that come back. I was > hoping I could use org.apache.http.conn.ssl.SSLSocketFactory to do this by > using SSLSocketFactory's ALLOW_ALL_HOSTNAME_VERIFIER verifier, but it > failed > with a javax.net.ssl.SSLPeerUnverifiedException with message "peer not > authenticated". > > A colleague suggested that I need to create my own implementation of > LayeredSocketFactory, e.g. "TrustingSSLSocketFactory", but I was hoping > there was a way to get SSLSocketFactory to work for me, if I could > configure > it the right way. Here is the code I am currently using. Please let me > know > if there's something simple I can change to use SSLSocketFactory in my > development environment with servers with self-signed certs. > > PS - I'm using HttpCore 4.0 Beta 2 and HttpClient 4.0 Alpha 4. > For those who want to avoid the factory creation, Howard Abrams has produced a neat solution to this problem by inserting a new security provider that ignores cert problems. You just need to add two class files to your project and call one method and bingo. You may also need to call ALLOW_ALL_HOSTNAME_VERIFIER if the cert doesn't match the hostname. http://www.howardism.org/Technical/Java/SelfSignedCerts.html -- View this message in context: http://www.nabble.com/using-SSL-in-a-development-environment-tp19001545p23615152.html Sent from the HttpClient-User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org For additional commands, e-mail: httpclient-users-help@hc.apache.org