SyntaxFix

[java] SSL "Peer Not Authenticated" error with HttpClient 4.1

I am building a simple app monitor to poll one of our API URLs and email us if it can't get a HTTP 200 status code from the response (this would indicate our API is down for some reason).

I am using HttpClient 4.1 (this is important because its API differs greatly from 3.x).

Our API is secure with SSL, however entering:

http://example.com/our-api

into a web browser redirects you to

https://example.com/our-api

Without causing any errors.

When HttpClient attempts to hit this URL (http://example.com/our-api), it fails with a javax.net.ssl.SSLPeerUnverifiedException exception with a message stating:

peer not authenticated

I see this happening a lot for other people as is evidenced by this post (which also provides some ways of circumventing this problem - a solution that I am going to try and implement tonight in fact).

What this other post (and the other similar ones to it) do not do is explain why this is happening in the first place! So, rather than ask "how do I fix this?" I figured I would ask "why is this happening?" Before I go barging ahead with one of the proposed solutions, I'd like to know what the problem is that I'm attempting to fix ;-)

This question is related to java ssl httpclient ssl-certificate

The answer is

keytool -import -v -alias cacerts -keystore cacerts.jks -storepass changeit -file C:\cacerts.cer

Im not a java developer but was using a java app to test a RESTful API. In order for me to fix the error I had to install the intermediate certificates in the webserver in order to make the error go away. I was using lighttpd, the original certificate was installed on an IIS server. Hope it helps. These were the certificates I had missing on the server.

  • CA.crt
  • UTNAddTrustServer_CA.crt
  • AddTrustExternalCARoot.crt

This is thrown when

... the peer was not able to identify itself (for example; no certificate, the particular cipher suite being used does not support authentication, or no peer authentication was established during SSL handshaking) this exception is thrown.

Probably the cause of this exception (where is the stacktrace) will show you why this exception is thrown. Most likely the default keystore shipped with Java does not contain (and trust) the root certificate of the TTP that is being used.

The answer is to retrieve the root certificate (e.g. from your browsers SSL connection), import it into the cacerts file and trust it using keytool which is shipped by the Java JDK. Otherwise you will have to assign another trust store programmatically.

Source: Stackoverflow.com

Examples related to java

Under what circumstances can I call findViewById with an Options Menu / Action Bar item? How much should a function trust another function How to implement a simple scenario the OO way Two constructors How do I get some variable from another class in Java? this in equals method How to split a string in two and store it in a field How to do perspective fixing? String index out of range: 4 My eclipse won't open, i download the bundle pack it keeps saying error log

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to httpclient

How to add Apache HTTP API (legacy) as compile-time dependency to build.grade for Android M? PHP GuzzleHttp. How to make a post request with params? C#: HttpClient with POST parameters How to send a Post body in the HttpClient request in Windows Phone 8? The type List is not generic; it cannot be parameterized with arguments [HTTPClient] How to add,set and get Header in request of HttpClient? No MediaTypeFormatter is available to read an object of type 'String' from content with media type 'text/plain' SSL "Peer Not Authenticated" error with HttpClient 4.1 Apache HttpClient Interim Error: NoHttpResponseException Common HTTPclient and proxy

Examples related to ssl-certificate

How to install OpenSSL in windows 10? Scraping: SSL: CERTIFICATE_VERIFY_FAILED error for http://en.wikipedia.org Not able to install Python packages [SSL: TLSV1_ALERT_PROTOCOL_VERSION] Letsencrypt add domain to existing certificate javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure bypass invalid SSL certificate in .net core How to add Certificate Authority file in CentOS 7 How to use a client certificate to authenticate and authorize in a Web API This certificate has an invalid issuer Apple Push Services iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Tags

Virtualstore Nstextattachment Gant Liferay Libharu Wcf-proxy Fix-protocol Unboundid-ldap-sdk Onmousemove Zepto Hgrc Selenium-ide Lazy-initialization Mkpinannotationview Softkeys Libssh Implicits Actiondispatch Model-based-testing Getattr Javacard Consensus Sgen.exe Runkit Statspack Groupwise Bidi Buzz Sapscript Agatha-rrsl Oracle-sqldeveloper Hoard Header-files Sendmail Build.xml Stretchblt Updatebatchsize Jsr166 Ksh Javascript-namespaces Argv Executable-format Measure Channel-api Mysource Cursor Appstore-approval Nlp Scopes Terminate-handler Screenrc Nosql Serp Piracy-protection Mvccontrib-testhelper Pingfederate Xpsdocument Validates-uniqueness-of Mdpi Hg-git Winqual Pixmap Mozilla Caml Xml-documentation Azure-queues Parsecontrol Gba Http-status-code-500 Msbuild-buildengine Phpwebsocket Accessor Hardcode Call-graph Mustache Cgpoint Awr Spinlock Ants Makekeyandordertofront Usercall Onhover Strpos Srv Xbuild Juggernaut C#-3.0 Flexmojos Core Viewhelper Microsoft.sdc.tasks Rowfilter Access-log Arcobjects Prolog Openoffice.org Suo Operation Mpmoviewcontroller Home-directory