How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient

I use Apache’s HttpClient library for all my URL-related needs. It is a marvelous library that does most of the job behind the scenes. Compared to it, Java’s URL class is not as easy to use. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

When I checked the site, it seemed that its SSL certificate had expired. The only workaround for this is to create your own TrustManager, which is the class that actually checks whether the SSL certificate is valid. The certificate scheme used by SSL is called X.509, and Java has a specific TrustManager for this scheme, called X509TrustManager.

This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL-related errors. It ensures that the client accepts all SSL certificates of a site, whether they are expired or not.
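
A narrower alternative to accepting every certificate, as an added example that is not the original post's or theskeleton's code: an X509TrustManager that keeps the JVM's default validation and tolerates a failure only for the one certificate whose SHA-256 fingerprint was recorded in advance. The class name PinnedTrustManager, the contextFor helper and the all-zero fingerprint in main are assumptions made for illustration; the returned SSLContext is meant for the place where the client's SSLSocketFactory is built.

```java
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example (hypothetical class): default CA validation plus exactly one pinned certificate.
public class PinnedTrustManager implements X509TrustManager {
    private final X509TrustManager defaults;  // the JVM's normal validator
    private final byte[] pinnedSha256;        // SHA-256 of the one certificate tolerated on failure

    public PinnedTrustManager(byte[] pinnedSha256) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);            // null selects the JVM default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager && found == null) found = (X509TrustManager) tm;
        if (found == null) throw new IllegalStateException("no default X509TrustManager");
        this.defaults = found;
        this.pinnedSha256 = pinnedSha256.clone();
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            defaults.checkServerTrusted(chain, authType);  // expiry, signature and chain checks
        } catch (CertificateException e) {
            // Tolerate the failure only when the leaf is the exact certificate recorded earlier.
            if (chain == null || chain.length == 0 || !isPinned(chain[0])) throw e;
        }
    }
    private boolean isPinned(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return MessageDigest.isEqual(digest, pinnedSha256);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        defaults.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
    public static SSLContext contextFor(byte[] pinnedSha256) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinnedTrustManager(pinnedSha256) }, null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        byte[] placeholderPin = new byte[32];  // constructed all-zero value, matches no real certificate
        System.out.println(contextFor(placeholderPin).getProtocol());
    }
}
```

When the site renews its certificate the fingerprint changes, so the new certificate goes through normal validation and the pin can be dropped.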


29 comments

  1. Does this wrapper work if I don't have certificates configured within my app server? Can you confirm? (I see the exception still persisting. I'm using HttpPost.)

  2. Doesn't work at line 14
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);

    I get

    The constructor SSLSocketFactory(SSLContext) is undefined

  3. I got the same error for a server certificate that was self signed. The suggested solution worked for me on httpcomponents-client-4.1.3.

  4. Worked on first try. Used these imports.
    Thanks. Had been searching for a solution for many hours now.

    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

  5. This is a nice quick fix for testing, but you realise that by doing this you basically shoot yourself in the foot from a security point of view, don’t you? Your app can no longer guarantee that the incoming data is from the source you intended.

  6. If I deploy my WAR on a JBoss AS 7 server, I get the error below. If I deploy the same WAR on Tomcat 7, it works fine. In both cases, my client application is using wrapClient()

    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

  7. setHostnameVerifier is deprecated, so
    you can use the constructor now

    SSLSocketFactory sf = new SSLSocketFactory(ctx,
    SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

  8. Doesn't work at line 14
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);
    I get
    The constructor SSLSocketFactory(SSLContext) is undefined

    I used these imports
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

    1. @vin: Hi, it's been a long time since I touched this code. You could try to check if there are any other packages that have the same class name.

  9. Hi blogmeister,

    I am really facing a hard time regarding this issue. Can you please make some suggestions and, if you have any chance, provide me this code with an example project which I can understand easily. My email id: vinodkumarbollineni@gmail.com. It will be helpful to me, please suggest me some solution. Thanks in advance.
