hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL self- signed- certicate trouble with TrustSelfSignedStrategy()
Date Thu, 28 Oct 2010 14:57:12 GMT
On Thu, 2010-10-28 at 16:27 +0200, Gerhard Sinne wrote:
> Hi all,
> I have  HTTP client implementing a self- signed- accpetance strategy using 
> the   TrustSelfSignedStrategy() of the apache HTTP Client 4.1Alpha2.
> 
> - First question : Do I have to set the truststore system properties 
> although  I implemented a TrustSelfSignedStrategy () - Strategy ? 
> 

You do not.


> Like this way:
> 
>         System.setProperty("javax.net.ssl.trustStore", "My.trustStore");
>         System.setProperty("javax.net.ssl.trustStorePassword", "MyPWD");
> 
> I did not install any certificates globally in JRE/JDK with the keytool 
> and also try to avoid this. 
> 
> - Second, could somebody shed a light on this code which still fails with 
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
> 
> 

You have to differentiate self-signed certificates from those signed by
non-trusted CA. The TrustSelfSignedStrategy causes HttpClient to bypass
the certificate checks for _self-signed_ certificates only.

Hope this helps

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message