
SSLPeerUnverifiedException: peer not authenticated


Yet again, the dreary problem of SSLPeerUnverified, but I'm not using self-signed certificates. I try to connect to a host using https. This host has a correct certificate; neither Firefox nor HttpsUrlConnection has any problems with it. However, trying to connect using HttpClient, I get the dreaded exception.

Any clues? Or tips on where to look closer?

Thanks!

Edit: Debug output

    main, handling exception:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    main, IOException in getSession():
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

JavaJens asked Oct 18 '12 18:10




2 Answers

It seems that you need to import the certificate into the trusted keystore your JVM is using. If you are not using a different trusted keystore in your application this will be "cacerts".

You can follow a step-by-step guide at "How to Fix 'SSLPeerUnverifiedException: peer not authenticated' Exception in Groovy / Java".

Short version:

  1. Run the following command, replacing $ADDRESS with the URL, minus the "https://":

    echo -n | openssl s_client -connect $ADDRESS:443 | \
      sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert

  2. Run the following command, replacing $ALIAS with a short name for the key, $ADDRESS with the cert name from above, and $PATH with the path to cacerts in your JRE:

    # $PATH is a placeholder for the JRE directory that holds cacerts, not the shell's PATH variable
    sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert \
      -keystore $PATH/cacerts -storepass changeit

AlexEvade answered Sep 21 '22 03:09
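
Step 1 above fetches the certificate over the same connection that has not yet been authenticated, so it is worth comparing its SHA-256 fingerprint with a value obtained out-of-band before step 2 makes it trusted. The following is an added example, not part of either answer; the function names, the sample `s_client`-style output and the expected fingerprint are constructed for illustration, and it assumes GNU `base64` and `sha256sum`.

```shell
#!/bin/sh
# Added example (not from the answer): compare a fetched certificate's SHA-256
# fingerprint with one obtained out-of-band before running keytool -importcert.

# Print only the first PEM certificate on stdin (same markers as the sed range).
first_pem() {
    awk '/-BEGIN CERTIFICATE-/ {on=1} on {print} on && /-END CERTIFICATE-/ {exit}'
}

# SHA-256 of the DER bytes (the base64 body between the markers), lowercase hex.
# Fails if stdin contains no certificate, e.g. when the handshake never completed.
pem_sha256() {
    body=$(first_pem | grep -v -e '-----' | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept fingerprints as tools display them ("AB:CD:...") or as plain hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Succeed only if the certificate on stdin has the expected fingerprint.
fingerprint_matches() {
    actual=$(pem_sha256) || return 1
    [ "$actual" = "$(normalize_fp "$1")" ]
}

# Constructed sample: s_client-style output whose "certificate" body is just the
# base64 of the bytes "abc" (a placeholder, not a real certificate).
SAMPLE='CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
subject=CN = host.example'

# Hypothetical out-of-band value, written the way keytool and browsers show it.
EXPECTED='BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD'

if printf '%s\n' "$SAMPLE" | fingerprint_matches "$EXPECTED"; then
    echo "fingerprint matches: proceed with keytool -importcert"
else
    echo "fingerprint mismatch or no certificate: do not import" >&2
fi
```

With a real host, pipe the `openssl s_client` output from step 1 into `fingerprint_matches` in place of `$SAMPLE`.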


The previous answer's link doesn't work, so I'm attaching an additional one:

https://blogs.oracle.com/java-platform-group/entry/self_signed_certificates_for_a

Ivan Bondarev answered Sep 19 '22 03:09