为什么我得到一个异常javax.net.ssl.SSLPeerUnverifiedException:peer未经身份验证?
我正在使用Apache HttpComponents HttpClient(4.0.1)进行HTTPS调用,但我将此异常作为响应:为什么我得到一个异常javax.net.ssl.SSLPeerUnverifiedException:peer未经身份验证?,java,ssl,https,apache-httpclient-4.x,Java,Ssl,Https,Apache Httpclient 4.x,我正在使用Apache HttpComponents HttpClient(4.0.1)进行HTTPS调用,但我将此异常作为响应: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345) at org.apa
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
我提供了所有必需的参数。目标系统不需要任何用户名/密码或代理,但它包含安装在服务器中的JKS CSC证书。用户名和密码为空值
这是与org.apache.commons.httpclient.methods.PostMethod
-Version 3.0-commons-httpclient-3.0.jar一起使用的
现在我们已经用org.apache.http.client.methods.HttpPost
-Version 4.0.1-commons-httpclient.jar实现了
这是不起作用的示例代码段:
HttpParams param = new BasicHttpParams();
HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(param, "UTF-8");
HttpProtocolParams.setUseExpectContinue(param, true);
DefaultHttpClient httpClient = new DefaultHttpClient(param);
httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000)));
httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000)));
httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)),
AuthScope.ANY_REALM),
new UsernamePasswordCredentials("", ""));
try {
HttpPost httpPost = new HttpPost(END POINT URL);
StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8");
httpPost.setEntity(requestEntity);
response = httpClient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
if (null != responseEntity)
{
responseBody = EntityUtils.toString(responseEntity);
}
if (null != httpPost.getURI()) {
url = httpPost.getURI().toString();
}
} catch (IOException e) {
e.printStackTrace();
} finally {
httpClient.getConnectionManager().shutdown();
}
HttpParams param=new BasicHttpParams();
HttpProtocolParams.setVersion(param,HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(参数,“UTF-8”);
HttpProtocolParams.setUseExpectContinue(param,true);
DefaultHttpClient httpClient=新的DefaultHttpClient(参数);
httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000));
httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000));
httpClient.getCredentialsProvider().setCredentials(新建AuthScope(),如上所述,您可以导入证书
在已放置证书的目录中启动命令提示符(例如XYZ.cer)
运行以下命令只需更改活动jre路径(请注意~symbol)
keytool-import-alias XYZ-file XYZ.cer-keystore C:/Program~1/Java/jdk1.6.023/jre/lib/security/cacerts-storepass changeit
OR
使用您自己的信任管理器
异常消息
javax.net.ssl.SSLPeerUnverifiedException:对等方未经过身份验证
并不总是指出问题的根本原因。
您可能需要通过添加Java VM参数-Djavax.net.debug=SSL:handshake
来启用SSL握手调试。
一旦添加了,您将获得更多有用的错误消息。
如果远程服务器使用不受信任的证书,您将看到以下错误消息:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
如果是这种情况,@Abhishek的回答将解决此问题。确保服务器URL应使用https而不是http。尝试设置到http URL的安全连接时可能会出现此错误。任何SSL连接问题都可能导致此错误
我的解决方案之一是将java从6升级到8。
我们的问题是,我们要通信的服务器停止支持TLS 1.0。java 6不支持TLS 1.0的更高版本。在更新java(即使没有升级dropwizard)后,它也可以工作