How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient

I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.

This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.

Related Posts Plugin for WordPress, Blogger...
  • http://www.softagenda.net/ office 2010

    good, liked it a lot..

  • http://stackoverflow.com/questions/6276435/why-am-i-getting-an-exception-javax-net-ssl-sslpeerunverifiedexception-peer-not Sravan

    Nice, but this works with HttpGet requests. I recevied the same exception when I used this with HttpPost. Can you please suggets
    Refer below for more details
    http://stackoverflow.com/questions/6276435/why-am-i-getting-an-exception-javax-net-ssl-sslpeerunverifiedexception-peer-not

  • http://tech.chitgoks.com tech

    hi. i dont have a problem with HttpPost. i use this same code

  • Sravan

    Can you please have a look into the below URL All the detail has been provided there. I just tried this. But it doent work
    http://stackoverflow.com/questions/6276435/why-am-i-getting-an-exception-javax-net-ssl-sslpeerunverifiedexception-peer-not

  • http://tech.chitgoks.com tech

    @sravan: sorry, not interested to check that one. the code in this post works so that should suffice.

  • Mark

    Does this wrapper work, if I dont have certificates configured within my app server? Can you confirm? (As I see exception still persisting. Im using HttpPost)

  • http://tech.chitgoks.com tech

    @mark: yes it works. i use this method in my codes

  • train

    doesn´t work at line 14
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);

    i get

    The constructor SSLSocketFactory(SSLContext) is undefined

    • http://tech.chitgoks.com tech

      @train: is this the class that you imported? org.apache.http.conn.ssl.SSLSocketFactory; because that is what i used

  • Nizam

    I got the same error for a server certificate that was self signed. The suggested solution worked for me on httpcomponents-client-4.1.3.

  • mickey

    not a techy person. can you guys tell me the process step by step, had the same problem.

    thanks.

  • cook

    - is there any way of doing this with -D javax.net.ssl properies ?

  • Hitesh

    Worked on first try. Used these imports.
    Thanks. Had been searching for a solution for many hours now.

    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

  • http://yahoo.com adama njie

    I want my facebook to work

  • Cristian Vrabie

    This it’s a nice quick fix for testing but you realise that by doing this you basically shoot yourself in the foot from a security point of view, don’t you? Your app can no longer guarantee that the incoming data is from the source you intended.

    • admin

      @cristian: im not sure what you mean. but so far so good. i have not had any problems using this

  • http://virendrapatidar.com Virendra

    If I deploy my war JBOSS AS 7 server, I get below error. If I deploy same war on tomcat 7. it works fine. In both case, my client application is using wrapClient()

    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

  • Mario

    Works like charm. Super. 10x a lot.

  • http://facebook renzo

    Ayaw nga na po gumana may hinihingi po sya na certificate

  • ashish

    sethostnameverifier is deprecated so
    can use constructor now

    SSLSocketFactory sf = new SSLSocketFactory(ctx,
    SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

  • http://etisalat idaigy

    facebook counect

  • http://etisalat Daigy Bd ISLAM

    I hope correct my facebook conuction & play store

  • http://etisalat Daigy Bd ISLAM

    nice project

  • http://dpasqua.wordpress.com Douglas

    Thanks! worked perfectly.

  • vin

    doesn´t work at line 14
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);
    i get
    The constructor SSLSocketFactory(SSLContext) is undefined

    i used these imports
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

    • blogmeister

      @vin: hi, been a long time since i touched this code. you could try to check if there are any other packages that have the same class name

  • vin

    i dnt have any other packages that have the same wrapclient class name

  • vin

    hi blogmeister,

    i really facing hard time regarding this issue.can u please make some suggestions and if u have any chance provide me this code with example project which can i understand easily.my email-id: vinodkumarbollineni@gmail.com , it will be helpful to me ,please suggest me some solution. thanks in advance.

  • http://www.trinea.cn Trinea

    this can be resolved in two ways: the client trust all certificates or server-side add a certificate, the specific cause analysis and solutions see: http://www.trinea.cn/android/android-java-https-ssl-exception-2/