首页

为什么我收到异常 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticateed?

ssl https java apache-httpclient-4.x
2022-09-01 15:55:41

我正在使用Apache HttpComponents HttpClient(4.0.1)进行HTTPS调用,但我是这个例外作为响应:

 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)

我提供了所有必需的参数。目标系统不需要任何用户名/密码或代理,但它包含安装在服务器中的 JKS csrtificates。用户名和密码为空值。

这是使用 - 版本3.0 - commons-httpclient-3.0.jar现在我们已经实现了 - 版本4.0.1 - commons-httpclient.jarorg.apache.commons.httpclient.methods.PostMethodorg.apache.http.client.methods.HttpPost

这是不起作用的示例代码片段:

HttpParams param = new BasicHttpParams();
HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(param, "UTF-8");
HttpProtocolParams.setUseExpectContinue(param, true);
DefaultHttpClient httpClient = new DefaultHttpClient(param);
httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000)));
httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000)));
httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)),
    AuthScope.ANY_REALM),
    new UsernamePasswordCredentials("", ""));

try {
HttpPost httpPost = new HttpPost(END POINT URL);
StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8");
httpPost.setEntity(requestEntity);
response = httpClient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
if (null != responseEntity) 
{
    responseBody = EntityUtils.toString(responseEntity);
}
if (null != httpPost.getURI()) {
    url = httpPost.getURI().toString();
}
} catch (IOException e) {
    e.printStackTrace();
} finally {
   httpClient.getConnectionManager().shutdown();
}

答案 1

异常消息

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

并不总是指出问题的根本原因。您可能需要通过添加 Java VM 参数来启用 SSL 握手调试。添加后,您将获得更多有用的错误消息。如果远程服务器使用不受信任的证书,您将看到以下错误消息:-Djavax.net.debug=ssl:handshake

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

如果是这种情况,那么@Abhishek的答案将解决问题。


答案 2

如上所述,您导入证书

  1. 在放置证书的目录中启动命令提示符(例如 XYZ.cer)
  2. 运行以下命令只需更改活动的 jre 路径(请注意 ~ 符号)

  3. keytool -import -alias XYZ -file XYZ.cer -keystore C:/Program~1/Java/jdk1.6.0_23/jre/lib/security/cacerts -storepass changeit

                               OR

使用您自己的信任管理器 http://tech.chitgoks.com/2011/04/24/how-to-avoid-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-problem-using-apache-httpclient/


推荐
更多 »
标签
更多 »
php pass-by-reference optional-parameters default-value javascript arrays dom function string object serialization tostring visibility syntax jslint use-strict operators equality equality-operator identity-operator datetime timestamp date-arithmetic redirect angularjs loops foreach iteration scope variables
推荐
更多 »