hc-httpclient-users mailing list archives

From Nir Dweck <n...@vasco-de.com>
Subject RE: HTTPS connection
Date Sun, 15 Jun 2014 20:33:42 GMT
Hi,
Here is the implementation I did (I am using 4.2.2):
        ClassLoader cl = HttpSyncServer.class.getClassLoader();
        URL url = cl.getResource(keyStore);
        if (url == null) {
            log.fatal("Keystore not found. HTTPS is not active");
        }

        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(url.openStream(), pswrd.toCharArray());
        KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
                "SunX509");
        kmfactory.init(trustStore, pswrd.toCharArray());
        SSLSocketFactory socketFactory = new SSLSocketFactory(
                TrustManagerFactory.getDefaultAlgorithm(), trustStore, pswrd,
                trustStore, null, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        Scheme sch = new Scheme("https", port, socketFactory);
        m_httpclient.getConnectionManager().getSchemeRegistry().register(sch);

but I still get: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

Am I doing something wrong or could it be a problem with the certificate of the server?


Regards,
Nir

-----Original Message-----
From: Nir Dweck [mailto:nird@vasco-de.com]
Sent: Saturday, June 14, 2014 11:21 PM
To: 'httpclient-users@hc.apache.org'
Subject: HTTPS connection

Hi,
I'm required to connect to a server over HTTPS. The server provided me both a certificate
and a keystore for authentication.
I've imported the certificate to my truststore file and registered a schema with the keystore
to the connection manager.
The problem is that the host in the certificate is different than the host name I need to
reach.
I know that in javax.net.ssl there is a HostnameVerifier interface that you can set on the
connection, which can solve cases like these.
How do I implement it with httpcomponents-client?

Regards,
Nir
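
Added example (not part of the original messages and not HttpClient project code): for the host name mismatch described above, a verifier for HttpClient 4.2.x that accepts the differing certificate name only for explicitly listed hosts and applies the strict check to every other host, instead of disabling verification with ALLOW_ALL_HOSTNAME_VERIFIER. The class name AliasedHostnameVerifier, the alias map and the separate key store and trust store parameters are assumptions made for this example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/** Added example (hypothetical class): tolerate a known name mismatch for listed hosts only. */
public class AliasedHostnameVerifier extends AbstractVerifier {

    // Host we connect to (lower case) -> host name the server certificate was issued for.
    private final Map<String, String> certNameByHost = new HashMap<String, String>();
    private final X509HostnameVerifier strict = new StrictHostnameVerifier();

    public AliasedHostnameVerifier(Map<String, String> aliases) {
        for (Map.Entry<String, String> e : aliases.entrySet()) {
            certNameByHost.put(e.getKey().toLowerCase(Locale.ENGLISH), e.getValue());
        }
    }

    @Override
    public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
        String expected = certNameByHost.get(host.toLowerCase(Locale.ENGLISH));
        // Listed host: the certificate must match the expected name.
        // Any other host: ordinary strict check against the host itself.
        strict.verify(expected != null ? expected : host, cns, subjectAlts);
    }

    /**
     * keyStore holds the client key pair, trustStore the server certificate.
     * The first constructor argument is the SSLContext protocol name.
     */
    public static SSLSocketFactory socketFactory(KeyStore keyStore, String keyPassword,
            KeyStore trustStore, Map<String, String> aliases) throws GeneralSecurityException {
        return new SSLSocketFactory("TLS", keyStore, keyPassword, trustStore, null,
                new AliasedHostnameVerifier(aliases));
    }
}
```

The returned factory is registered the same way as in the message above, through new Scheme("https", port, socketFactory) on the connection manager's scheme registry.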


