Menu
I know it's been asked before but I tried all the solutions that I found and it's still not working.
Basically, I'm trying to get some content via Apache Http Client (4.3) and the website that I'm connecting is having some SSL issues.
First, I was getting and SSLException with and unrecognized_name message. I tried to get around this by setting the jsse.enableSNIExtension property to false.
Then, I got this exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I then tried supplying my won SSLFactory that would accept all certificates but I'm still getting the same exception. Here's my code:
private static void sslTest() throws Exception {
System.setProperty("jsse.enableSNIExtension", "false");
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.useTLS()
.build();
SSLConnectionSocketFactory connectionFactory =
new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier());
CookieStore cookieStore = new BasicCookieStore();
HttpClientContext context = HttpClientContext.create();
context.setCookieStore(cookieStore);
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(connectionFactory)
.setDefaultCookieStore(cookieStore)
.build();
URI uri = new URIBuilder()
.setScheme("https")
.setHost(BASE_URL)
.build();
String responseBody = httpclient.execute(new HttpGet(uri), RESPONSE_HANDLER);
}
All help is greatly appreciated!
830
To resolve the issue, do one of the following: Configure SSLContext with a TrustManager that accepts any certificate (see below). Configure SSLContext with an appropriate trust store that includes your certificate. Add the certificate for that site to the default Java trust store.
C# Only http and https schemes are allowed - HttpClient - Microsoft Q&A.
HttpClient is fully thread-safe when used with a thread-safe connection manager such as MultiThreadedHttpConnectionManager.
Ignore SSL Certificate Checks with Curl. To ignore invalid and self-signed certificate checks on Curl, use the -k or --insecure command-line option. This option allows Curl to perform "insecure" SSL connections and skip SSL certificate checks while you still have SSL-encrypted communications.
Please also note that trusting self-signed certs does not mean trusting any arbitrary cert.
Try setting up your SSL context this way:
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null,
new TrustStrategy() {
@Override
public boolean isTrusted(final X509Certificate[] chain, final String authType)
throws CertificateException {
return true;
}
})
.useTLS()
.build();
Please also note that generally trusting certificates indiscriminately defeats the purpose of using SSL in the first place. Use when absolutely necessary or for testing only
93
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
