public HttpClientVM() {
BasicHttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 10);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setUseExpectContinue(params, false);
HttpConnectionParams.setStaleCheckingEnabled(params, true);
HttpConnectionParams.setConnectionTimeout(params, 30000);
HostnameVerifier hostnameVerifier=
org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http",socketFactory, 80));
schemeRegistry.register(new Scheme("https",socketFactory, 443));
ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);
// Set verifier
client = new DefaultHttpClient(manager, params);
}
Window7,HttpClient4
Window7,HttpClient4
when executed : client.accessURL(url); it occurs:
当执行:client.accessURL(url);它发生在:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
7 个解决方案
#1
14
Expired certificate was the cause of our "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated".
过期的证书是我们的“javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”的原因。
keytool -list -v -keystore filetruststore.ts
keytool -list -v -keystore filetruststore.ts。
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: somealias
Creation date: Jul 26, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=SomeOU, O="Some Company, Inc.", L=SomeCity, ST=GA, C=US
Issuer: CN=Unknown, OU=SomeOU, O=Some Company, Inc.", L=SomeCity, ST=GA, C=US
Serial number: 5011a47b
Valid from: Thu Jul 26 16:11:39 EDT 2012 until: Wed Oct 24 16:11:39 EDT 2012
#2
9
This error is because your server doesn't have a valid SSL certificate. Hence we need to tell the client to use a different TrustManager. Here is a sample code:
这个错误是因为您的服务器没有有效的SSL证书。因此,我们需要告诉客户使用不同的TrustManager。下面是一个示例代码:
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
client = new DefaultHttpClient(ccm, base.getParams());
#3
6
This exception will come in case your server is based on JDK 7 and your client is on JDK 6 and using SSL certificates. In JDK 7 sslv2hello message handshaking is disabled by default while in JDK 6 sslv2hello message handshaking is enabled. For this reason when your client trying to connect server then a sslv2hello message will be sent towards server and due to sslv2hello message disable you will get this exception. To solve this either you have to move your client to JDK 7 or you have to use 6u91 version of JDK. But to get this version of JDK you have to get the MOS (My Oracle Support) Enterprise support. This patch is not public.
如果您的服务器基于JDK 7,而您的客户端使用JDK 6并使用SSL证书,则会出现此异常。在JDK 7 sslv2hello消息握手被默认禁用,而在JDK 6 sslv2hello消息握手被启用。因此,当您的客户端尝试连接服务器时,一个sslv2hello消息将被发送到服务器,由于sslv2hello消息禁用,您将获得此异常。要解决这个问题,您必须将客户机移动到JDK 7,或者必须使用6u91版本的JDK。但是要获得这个版本的JDK,您必须获得MOS(我的Oracle支持)企业支持。这个补丁不是公开的。
#4
2
You can get this if the client specifies "https" but the server is only running "http". So, the server isn't expecting to make a secure connection.
如果客户端指定了“https”,但是服务器只运行“http”,那么您可以得到这个。因此,服务器并不期望建立安全的连接。
#5
1
This can also happen if you are attempting to connect over HTTPS and the server is not configured to handle SSL connections correctly.
如果您试图通过HTTPS进行连接,而服务器没有正确地处理SSL连接,那么也可能发生这种情况。
I would check your application servers SSL settings and make sure that the certification is configured correctly.
我将检查您的应用程序服务器SSL设置,并确保正确地配置了证书。
#6
0
In my case I was using a JDK 8 client and the server was using insecure old ciphers. The server is Apache and I added this line to the Apache config:
在我的例子中,我使用的是JDK 8客户机,而服务器使用的是不安全的旧密码。服务器是Apache,我在Apache配置中添加了这一行:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
You should use a tool like this to verify your SSL configuration is currently secure: https://www.ssllabs.com/ssltest/analyze.html
您应该使用这样的工具来验证SSL配置当前是否安全:https://www.ssllabs.com/ssltest/analyze.html。
#7
-6
if you are in dev mode with not valid certificate, why not just set weClient.setUseInsecureSSL(true). works for me
如果您在开发模式中没有有效的证书,为什么不直接设置weClient.setUseInsecureSSL(true)呢?适合我
#1
14
Expired certificate was the cause of our "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated".
过期的证书是我们的“javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”的原因。
keytool -list -v -keystore filetruststore.ts
keytool -list -v -keystore filetruststore.ts。
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: somealias
Creation date: Jul 26, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=SomeOU, O="Some Company, Inc.", L=SomeCity, ST=GA, C=US
Issuer: CN=Unknown, OU=SomeOU, O=Some Company, Inc.", L=SomeCity, ST=GA, C=US
Serial number: 5011a47b
Valid from: Thu Jul 26 16:11:39 EDT 2012 until: Wed Oct 24 16:11:39 EDT 2012
#2
9
This error is because your server doesn't have a valid SSL certificate. Hence we need to tell the client to use a different TrustManager. Here is a sample code:
这个错误是因为您的服务器没有有效的SSL证书。因此,我们需要告诉客户使用不同的TrustManager。下面是一个示例代码:
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
client = new DefaultHttpClient(ccm, base.getParams());
#3
6
This exception will come in case your server is based on JDK 7 and your client is on JDK 6 and using SSL certificates. In JDK 7 sslv2hello message handshaking is disabled by default while in JDK 6 sslv2hello message handshaking is enabled. For this reason when your client trying to connect server then a sslv2hello message will be sent towards server and due to sslv2hello message disable you will get this exception. To solve this either you have to move your client to JDK 7 or you have to use 6u91 version of JDK. But to get this version of JDK you have to get the MOS (My Oracle Support) Enterprise support. This patch is not public.
如果您的服务器基于JDK 7,而您的客户端使用JDK 6并使用SSL证书,则会出现此异常。在JDK 7 sslv2hello消息握手被默认禁用,而在JDK 6 sslv2hello消息握手被启用。因此,当您的客户端尝试连接服务器时,一个sslv2hello消息将被发送到服务器,由于sslv2hello消息禁用,您将获得此异常。要解决这个问题,您必须将客户机移动到JDK 7,或者必须使用6u91版本的JDK。但是要获得这个版本的JDK,您必须获得MOS(我的Oracle支持)企业支持。这个补丁不是公开的。
#4
2
You can get this if the client specifies "https" but the server is only running "http". So, the server isn't expecting to make a secure connection.
如果客户端指定了“https”,但是服务器只运行“http”,那么您可以得到这个。因此,服务器并不期望建立安全的连接。
#5
1
This can also happen if you are attempting to connect over HTTPS and the server is not configured to handle SSL connections correctly.
如果您试图通过HTTPS进行连接,而服务器没有正确地处理SSL连接,那么也可能发生这种情况。
I would check your application servers SSL settings and make sure that the certification is configured correctly.
我将检查您的应用程序服务器SSL设置,并确保正确地配置了证书。
#6
0
In my case I was using a JDK 8 client and the server was using insecure old ciphers. The server is Apache and I added this line to the Apache config:
在我的例子中,我使用的是JDK 8客户机,而服务器使用的是不安全的旧密码。服务器是Apache,我在Apache配置中添加了这一行:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
You should use a tool like this to verify your SSL configuration is currently secure: https://www.ssllabs.com/ssltest/analyze.html
您应该使用这样的工具来验证SSL配置当前是否安全:https://www.ssllabs.com/ssltest/analyze.html。
#7
-6
if you are in dev mode with not valid certificate, why not just set weClient.setUseInsecureSSL(true). works for me
如果您在开发模式中没有有效的证书,为什么不直接设置weClient.setUseInsecureSSL(true)呢?适合我