发表新帖
发表新帖

SSL “Peer Not Authenticated” error with HttpClient 4.1

后端 未结
关注
4 1033
傲寒
傲寒 2020-12-03 16:49

I am building a simple app monitor to poll one of our API URLs and email us if it can\'t get a HTTP 200 status code from the response (this would indicate our API is down fo

相关标签:
4条回答
  • 予麋鹿
    2020-12-03 17:27

    If the server's certificate is self-signed, then this is working as designed and you will have to import the server's certificate into your keystore.

    Assuming the server certificate is signed by a well-known CA, this is happening because the set of CA certificates available to a modern browser is much larger than the limited set that is shipped with the JDK/JRE.

    The EasySSL solution given in one of the posts you mention just buries the error, and you won't know if the server has a valid certificate.

    You must import the proper Root CA into your keystore to validate the certificate. There's a reason you can't get around this with the stock SSL code, and that's to prevent you from writing programs that behave as if they are secure but are not.

    0 讨论(0)
  • 清酒与你
    2020-12-03 17:37

    This is thrown when

    ... the peer was not able to identify itself (for example; no certificate, the particular cipher suite being used does not support authentication, or no peer authentication was established during SSL handshaking) this exception is thrown.

    Probably the cause of this exception (where is the stacktrace) will show you why this exception is thrown. Most likely the default keystore shipped with Java does not contain (and trust) the root certificate of the TTP that is being used.

    The answer is to retrieve the root certificate (e.g. from your browsers SSL connection), import it into the cacerts file and trust it using keytool which is shipped by the Java JDK. Otherwise you will have to assign another trust store programmatically.

    0 讨论(0)
  • 粉色の甜心
    2020-12-03 17:40 
    keytool -import -v -alias cacerts -keystore cacerts.jks -storepass changeit -file C:\cacerts.cer
    0 讨论(0)
  • 北荒
    2020-12-03 17:41

    Im not a java developer but was using a java app to test a RESTful API. In order for me to fix the error I had to install the intermediate certificates in the webserver in order to make the error go away. I was using lighttpd, the original certificate was installed on an IIS server. Hope it helps. These were the certificates I had missing on the server.

    • CA.crt
    • UTNAddTrustServer_CA.crt
    • AddTrustExternalCARoot.crt
    0 讨论(0)
 看不清?
提交回复
热议问题