How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient

I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.

This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.

Related Posts Plugin for WordPress, Blogger...
  1. 29 Responses to “How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient”

  2. good, liked it a lot..

    By office 2010 on Apr 29, 2011

  3. Nice, but this works with HttpGet requests. I recevied the same exception when I used this with HttpPost. Can you please suggets
    Refer below for more details
    http://stackoverflow.com/questions/6276435/why-am-i-getting-an-exception-javax-net-ssl-sslpeerunverifiedexception-peer-not

    By Sravan on Jun 8, 2011

  4. hi. i dont have a problem with HttpPost. i use this same code

    By tech on Jun 8, 2011

  5. Can you please have a look into the below URL All the detail has been provided there. I just tried this. But it doent work
    http://stackoverflow.com/questions/6276435/why-am-i-getting-an-exception-javax-net-ssl-sslpeerunverifiedexception-peer-not

    By Sravan on Jun 8, 2011

  6. @sravan: sorry, not interested to check that one. the code in this post works so that should suffice.

    By tech on Jun 8, 2011

  7. Does this wrapper work, if I dont have certificates configured within my app server? Can you confirm? (As I see exception still persisting. Im using HttpPost)

    By Mark on Jun 14, 2011

  8. @mark: yes it works. i use this method in my codes

    By tech on Jun 14, 2011

  9. doesn´t work at line 14
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);

    i get

    The constructor SSLSocketFactory(SSLContext) is undefined

    By train on Sep 29, 2011

  10. @train: is this the class that you imported? org.apache.http.conn.ssl.SSLSocketFactory; because that is what i used

    By tech on Sep 29, 2011

  11. I got the same error for a server certificate that was self signed. The suggested solution worked for me on httpcomponents-client-4.1.3.

    By Nizam on Feb 11, 2012

  12. not a techy person. can you guys tell me the process step by step, had the same problem.

    thanks.

    By mickey on Feb 15, 2012

  13. - is there any way of doing this with -D javax.net.ssl properies ?

    By cook on Mar 1, 2012

  14. Worked on first try. Used these imports.
    Thanks. Had been searching for a solution for many hours now.

    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

    By Hitesh on Mar 17, 2012

  15. I want my facebook to work

    By adama njie on Mar 24, 2012

  16. This it’s a nice quick fix for testing but you realise that by doing this you basically shoot yourself in the foot from a security point of view, don’t you? Your app can no longer guarantee that the incoming data is from the source you intended.

    By Cristian Vrabie on Jul 27, 2012

  17. @cristian: im not sure what you mean. but so far so good. i have not had any problems using this

    By admin on Jul 27, 2012

  18. If I deploy my war JBOSS AS 7 server, I get below error. If I deploy same war on tomcat 7. it works fine. In both case, my client application is using wrapClient()

    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    By Virendra on Aug 15, 2012

  19. Works like charm. Super. 10x a lot.

    By Mario on Aug 24, 2012

  20. Ayaw nga na po gumana may hinihingi po sya na certificate

    By renzo on Oct 24, 2012

  21. sethostnameverifier is deprecated so
    can use constructor now

    SSLSocketFactory sf = new SSLSocketFactory(ctx,
    SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    By ashish on Jan 19, 2013

  22. facebook counect

    By idaigy on Mar 29, 2013

  23. I hope correct my facebook conuction & play store

    By Daigy Bd ISLAM on Mar 29, 2013

  24. nice project

    By Daigy Bd ISLAM on Mar 29, 2013

  25. Thanks! worked perfectly.

    By Douglas on Apr 16, 2013

  26. doesn´t work at line 14
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);
    i get
    The constructor SSLSocketFactory(SSLContext) is undefined

    i used these imports
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

    By vin on May 10, 2013

  27. @vin: hi, been a long time since i touched this code. you could try to check if there are any other packages that have the same class name

    By blogmeister on May 10, 2013

  28. i dnt have any other packages that have the same wrapclient class name

    By vin on May 10, 2013

  29. hi blogmeister,

    i really facing hard time regarding this issue.can u please make some suggestions and if u have any chance provide me this code with example project which can i understand easily.my email-id: vinodkumarbollineni@gmail.com , it will be helpful to me ,please suggest me some solution. thanks in advance.

    By vin on May 10, 2013

  30. this can be resolved in two ways: the client trust all certificates or server-side add a certificate, the specific cause analysis and solutions see: http://www.trinea.cn/android/android-java-https-ssl-exception-2/

    By Trinea on Aug 27, 2013

Post a Comment