Hi all,
I have HTTP client implementing a self- signed- accpetance strategy using
the TrustSelfSignedStrategy() of the apache HTTP Client 4.1Alpha2.
- First question : Do I have to set the truststore system properties
although I implemented a TrustSelfSignedStrategy () - Strategy ?
Like this way:
System.setProperty("javax.net.ssl.trustStore", "My.trustStore");
System.setProperty("javax.net.ssl.trustStorePassword", "MyPWD");
I did not install any certificates globally in JRE/JDK with the keytool
and also try to avoid this.
- Second, could somebody shed a light on this code which still fails with
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
TrustStrategy trustStrategy = new
TrustSelfSignedStrategy();
X509HostnameVerifier hostnameVerifier = new
AllowAllHostnameVerifier();
SSLSocketFactory sslSf = new
SSLSocketFactory(trustStrategy, hostnameVerifier);
Scheme https = new Scheme("https", 443,
sslSf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(https);
ClientConnectionManager connection = new
ThreadSafeClientConnManager(schemeRegistry);
DefaultHttpClient httpClient = new DefaultHttpClient(connection);
httpClient.getCredentialsProvider().setCredentials(
new
AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "HTTPAccess"),
new
UsernamePasswordCredentials("username", "password"));
HttpGet httpGet = new HttpGet("
https://192.168.0.100:443/cgi-bin/read.xml?);
HttpResponse response = httpClient.execute(httpGet);
System.out.println(response.getStatusLine());
Thanks for any comment
/Gerd
The information included in this e-mail and any files transmitted with it is
strictly confidential and may be privileged or otherwise protected from
disclosure. If you are not the intended recipient, please notify the sender
immediately by e-mail and delete this e-mail as well as any attachment from
your system. If you are not the intended recipient you are not authorized to
use and/or copy this message and/or attachment and/or disclose the contents to
any other person.
