hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: HTTPS connection
Date Mon, 16 Jun 2014 08:16:47 GMT
On Sun, 2014-06-15 at 20:33 +0000, Nir Dweck wrote:
> Hi,
> Here is the implementation I did (I am using 4.2.2):
>         ClassLoader cl = HttpSyncServer.class.getClassLoader();
>         URL url = cl.getResource(keyStore);
>         if (url == null) {
>             log.fatal("Keystore not found. HTTPS is not active");
>         }
> 
>         KeyStore trustStore = KeyStore.getInstance("JKS");
>         trustStore.load(url.openStream(), pswrd.toCharArray());
>         KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
>                 "SunX509");
>         kmfactory.init(trustStore, pswrd.toCharArray());
>         SSLSocketFactory socketFactory = new SSLSocketFactory(TrustManagerFactory.getDefaultAlgorithm(),trustStore,
pswrd, trustStore, null, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
>         Scheme sch = new Scheme("https", port, socketFactory);
>         m_httpclient.getConnectionManager().getSchemeRegistry().register(sch);
> 
> but I still get: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticate.
> 
> Am I doing something wrong or could it be a problem with the certificate of the server?
> 
> 

Please refer to this document for help on troubleshooting SSL related
issues:

http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html

Oleg

> Regards,
> Nir
> 
> -----Original Message-----
> From: Nir Dweck [mailto:nird@vasco-de.com]
> Sent: Saturday, June 14, 2014 11:21 PM
> To: 'httpclient-users@hc.apache.org'
> Subject: HTTPS connection
> 
> Hi,
> I'm required to connect to a server over HTTPS. The server provided me both a certificate
and a keystore for authentication.
> I've imported the certificate to my truststore file and registered a schema with the
keystore to the connection manager.
> The problem is that the host in the certificate is different than the host name I need
to reach.
> I know that in javax.net.ssl there is an HostNameVerifier interface that you can set
on the connection, which can solve cases like these.
> How do I implement it with httpcomponents-client?
> 
> Regards,
> Nir
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message