Thanks Oleg -----Original Message----- From: Oleg Kalnichevski [mailto:[email protected]] Sent: Wednesday, June 09, 2010 10:14 PM To: HttpClient User Discussion Subject: Re: SSLPeerUnverifiedException: peer not authenticated
On Wed, 2010-06-09 at 15:40 +0100, Martin Flower wrote: > With https basic authentication, I can connect successfully to one https url > (https://mediacenter.gmx.net), but not to another (https://www.ebico.co.uk). > The second one throws an error > > Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) > at > org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) > > The certificate is a root certificate granted by Verisign. Basic > authentication. > > I'm using httpclient 4.0.1 and httpcore 4.0.1. > > Code is : > > DefaultHttpClient httpClient = new DefaultHttpClient(); > > httpClient.getCredentialsProvider().setCredentials( > new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), > new UsernamePasswordCredentials(username, password)); > > HttpGet initialGet = new HttpGet(submitUrl); > > HttpResponse response = httpClient.execute(initialGet); // throws > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > > The exception is thrown as session.peerCerts is null > > I've investigated the use of a custom https scheme in order to vary the > enabled protocols ("SSLv2Hello", "SSLv3", "TLSv1") - but this has not solved > the problem. > > Any ideas ? > > The certificate used by the site (www.ebico.co.uk) is trusted neither by Java Runtime nor by Firefox. You need to customize the SSL context used by HttpClient and configure this certificate as trusted, if you trust the site. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
