为什么我得到一个exceptionjavax.net.ssl.SSLPeerUnverifiedException:peer未经过身份validation?
我正在使用Apache HttpComponents HttpClient(4.0.1)进行HTTPS调用,但我将此exception作为响应:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732) 我提供了所有必需的参数。 目标系统不需要任何用户名/密码或代理,但它包含安装在服务器中的JKS证书。 用户名和密码是空值。
这与org.apache.commons.httpclient.methods.PostMethod一起使用 – 版本3.0 – commons-httpclient-3.0.jar现在我们用org.apache.http.client.methods.HttpPost实现了 – 版本4.0.1 – commons- httpclient.jar
这是不起作用的示例代码段:
HttpParams param = new BasicHttpParams(); HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(param, "UTF-8"); HttpProtocolParams.setUseExpectContinue(param, true); DefaultHttpClient httpClient = new DefaultHttpClient(param); httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000))); httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000))); httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)), AuthScope.ANY_REALM), new UsernamePasswordCredentials("", "")); try { HttpPost httpPost = new HttpPost(END POINT URL); StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8"); httpPost.setEntity(requestEntity); response = httpClient.execute(httpPost); HttpEntity responseEntity = response.getEntity(); if (null != responseEntity) { responseBody = EntityUtils.toString(responseEntity); } if (null != httpPost.getURI()) { url = httpPost.getURI().toString(); } } catch (IOException e) { e.printStackTrace(); } finally { httpClient.getConnectionManager().shutdown(); }
exception消息
javax.net.ssl.SSLPeerUnverifiedException:peer未经过身份validation
并不总是表明问题的根本原因。 您可能需要通过添加Java VM参数-Djavax.net.debug=ssl:handshake来启用SSL握手调试。 添加完成后,您将收到更多有用的错误消息。 如果远程服务器使用不受信任的证书,您将看到以下错误消息:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
如果是这种情况,那么@Abhishek的答案将解决问题。
如上所述,您要么导入证书
- 在已放置证书的目录中启动命令提示符(例如XYZ.cer)
- 运行以下命令只需更改活动的jre路径(请注意〜符号)
-
keytool -import -alias XYZ -file XYZ.cer -keystore C:/Program~1/Java/jdk1.6.0_23/jre/lib/security/cacerts-storepass changeit
OR
使用您自己的信托经理http://tech.chitgoks.com/2011/04/24/how-to-avoid-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-problem-using-apache-httpclient/
任何SSL连接问题都可能导致此错误。
我的解决方案之一是将java从6升级到8.我们的问题是我们打算通信的服务器是停止支持TLS 1.0。 并且java 6不支持TLS 1.0的上层版本。 更新Java(即使没有升级dropwizard)它工作。
确保服务器URL应该使用https而不是http。 尝试建立与http URL的安全连接时,您可能会收到此错误。