Using HttpClient 4.1.0, we're trying to connect to a remote server that normally would be connected to using a form. By the way, this will be for production use but I would not call the information we're sending sensitive. I'm not sure if they will insist on an https connection anyway.
When we try to call httpClient.execute(httpPost), it throws a SSLPeerUnverifiedException
We're creating a DefaultHttpClient using a ThreadSafeClientConnManager and have verified that the https registry is associated with a SSLSocketFactory.
We're connecting to a url like this: https://some.thingchangedtoprotectthem.com/servlet/servlet.Something
Why would the browser work like a charm, but 开发者_运维知识库using a server side process blows up with that exception? Is it because the browser comes with verisign certificates and HttpClient does not?
System.out and Stack trace below:
schemeSocketFactory = org.apache.http.conn.ssl.SSLSocketFactory
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
Yes indeed. You should to have a look at this blog post where the author describes how to download and install a certificate in your keystore. It's written as an article for Android developers, but it most definitely applies to your case.
Worst case, this question will tell you how to trust all certificates, though that's not a very good idea. ;)
"Is it because the browser comes with verisign certificates and HttpClient does not?"
Almost certainly.
See this message for ideas on how to fix it.
精彩评论