Opening an SSL web-browser connection in HtmlUnit library

I've searched through web for couple hours on this issue, and none of the answers I found didn't really fit into my problem, so here's me, asking my first-ever question in SOF.

So, I'm trying to open a web-browser from a java program using the htmlunit library. The web site I need to connect requires 开发者_运维知识库SSL connection, and the certificate is stored in a USB key. Its iKey2023 product.

The system used to work(I did not write it), but one of the certificates in the USB key expired, so it automatically moved on to the next one (there were 4 certificates in total), and it suddenly stopped working.

It is giving me javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated error.

I'm back home now and I forgot the exact name of the method, but I remember the following.

1. Browser instance is created, using IE8

2. browser.setWebConnection method was called. This method, according to the API, is an internal API.

3. Make connection to the website by passing the URL as parameter

It's throwing the exception at step 3.

Some more details. The little details might be incorrect but I'm trying to describe a big picture. At step 2, the method requites WebConnection object as a parameter, and there is a implementation of that interface. Within this implementation, a keystore is created using sun.security.pkcs11.SunPKCS11(configFileInputStream) (did I spell that correctly?)

It was sth like this.

Provider p = new sun.security.pkcs11.SunPKCS11(configFileInputStream); Security.addProvider(p);

And create a keystore from this provider.

Using this keystore, within the WebConnection implementation, it creates a SSLSocket.

So, after the certificate has been switched to a new one, it's not picking up the certificate correctly.

Here's what I've tried.

1. I've tried to use different methods in the htmlunit library, something like setSecurityProvider, and I tried to put the Provider object created in above code snippet. I got class cast exception.

2. I tried to manually set the system properties(trustStore, trustStorePassword, keyStore, etc). In order to do this, I wanted to export the certificate out of the USB key, but it did not let me export the private key out from it, so I could not really create a valid PKCS12 file out of it (openSSL wanted a private key file along with .pem file for conversion, and I did not have that key file).

They did not work, and I'm so stuck right now.

---

I have a similar issue. In my case, an admin changed the certificate and I began encountering the same SSLPeerUnverifiedException.

I found that I can set the WebClient to use insecureSSL (prior to calling getPage())and I will no longer get the exception.

webClient.setUseInsecureSSL(true);

This however, doesn't resolve the issue as the server basically doesn't authenticate the client.

Its as if the WebClient is storing something that doesn't work with the new certificate.