You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Litty Preeth <pr...@gmail.com> on 2011/11/08 07:56:36 UTC
Re: Regarding javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated issue
Enable the ssl debug log by setting -Djavax.net.debug=all system variable.
Make sure that the right certificate is being used. Are you using two way
ssl to authenticate the client or do you mean authentication of server?
Regards,
Litty
On Tue, Oct 25, 2011 at 6:41 PM, Aarti Gauba <ag...@sapient.com> wrote:
> Hi,
>
> I am trying to send a https request for attachment download using
> org.apache.http.impl.client.DefaultHttpClient (using
> jars-httpclient-4.1.2.jar, httpcore-4.1.2.jar). By adding a cookie to the
> request, i am able to authenticate and able to download attachments on my
> local machine(windows). However on the dev machine(linux box), i am getting
> "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
> exception everytime i try to download the documents. We are using same self
> signed certificates on both local and dev enviornments.
>
> I have also tried code which will trust all hostnames and trust all
> certificates, it again worked on my local machine but did not work on dev
> box.
>
> Following exception im getting with ssl debug on :
>
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
> ..........................
> ..........................
> <Oct 25, 2011 3:31:49 PM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW
> ALERT with Severity: WARNING, Type: 0
> java.lang.Exception: New alert stack
> at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
> at
> com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown
> Source)
> at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
> at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
> at weblogic.net.http.HttpClient.closeServer(HttpClient.java:540)
> at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:111)
> at java.util.TimerThread.mainLoop(Timer.java:512)
> at java.util.TimerThread.run(Timer.java:462)
> >
> <Oct 25, 2011 3:31:49 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write
> ALERT, offset = 0, length = 2>
> <Oct 25, 2011 3:31:49 PM IST> <Debug> <SecuritySSL> <BEA-000000> <close():
> 293132247>
> <Oct 25, 2011 3:31:49 PM IST> <Debug> <SecuritySSL> <BEA-000000>
> <SSLIOContextTable.removeContext(ctx): 2110582459>
> <Oct 25, 2011 3:31:52 PM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW
> ALERT with Severity: WARNING, Type: 0
>
>
> I am using the following code:
>
> HttpGet httpget = new HttpGet(url); // url-> https url for a document
> HttpResponse response = httpclient.execute(httpget);
> HttpEntity rsentity = response.getEntity();
> rsentity.writeTo(outputStream);
>
> I am getting the exception on the first line itself.
>
> Any ideas?
>
> Thanks,
> Aarti
>