Yet again, the dreary problem of SSLPeerUnverified, but I'm not using self-signed certificates. I try to connect to a host using https. This host has a correct certificate; neither Firefox nor HttpsURLConnection has any problems with it. However, trying to connect using HttpClient, I get the dreaded exception.
Any clues? Or tips on where to look more closely?
Thanks!
Edit: Debug output
main, handling exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, IOException in getSession():
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Resolving the problem
The workaround is to extract the WebSphere Application Server certificate and add the extracted certificate to a new certificate store. Then, point the JVM that is running the Data Import command line to the new certificate store.
This exception indicates that the Java application's truststore was unable to validate the certificate chain. This can occur when the external target's certificates have not been imported into the truststore or one or more of the certificates have expired.
Class SSLPeerUnverifiedException: Indicates that the peer's identity has not been verified.
It seems that you need to import the certificate into the trusted keystore your JVM is using. If you are not using a different trusted keystore in your application this will be "cacerts".
You can follow a step by step guide at "How to Fix 'SSLPeerUnverifiedException: peer not authenticated' Exception in Groovy / Java ".
Short version:
Run the following command, replace $ADDRESS with the URL, minus the "https://":
echo -n | openssl s_client -connect $ADDRESS:443 | \
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert
Run the following command, replace $ALIAS with a short name for the key, $ADDRESS with the cert name from above, $PATH with the path to cacerts in your JRE.
sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert \
  -keystore $PATH/cacerts -storepass changeit
The previous answer's link doesn't work, so I am attaching an additional one:
https://blogs.oracle.com/java-platform-group/entry/self_signed_certificates_for_a
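The import steps in the answer above trust whatever certificate the server presents at fetch time. The following script is an added example, not code from the original answers: it checks the fetched certificate's SHA-256 fingerprint against a value obtained out of band, then imports it into a dedicated truststore instead of the JRE-wide cacerts. The function names, the STOREPASS variable and the throwaway self-signed sample certificate are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a fetched certificate before trusting it, then import it
# into a dedicated truststore instead of the JRE-wide cacerts.
# Function names and the STOREPASS variable are hypothetical.

# SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//; s/://g'
}

# check_cert CERT FINGERPRINT
# Succeeds only if the certificate matches the fingerprint obtained out of
# band (colons and case are ignored) and stays valid for at least 24 hours.
check_cert() {
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    actual=$(cert_fingerprint "$1")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $1: got '$actual'" >&2
        return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 86400 >/dev/null; then
        echo "certificate $1 is expired or expires within 24h" >&2
        return 1
    fi
}

# import_cert CERT ALIAS STORE FINGERPRINT
# Imports only after the checks pass; keytool creates STORE if it is missing.
import_cert() {
    check_cert "$1" "$4" || return 1
    keytool -importcert -noprompt -alias "$2" -file "$1" \
        -keystore "$3" -storepass "${STOREPASS:-changeit}"
}

# Constructed sample input: a throwaway self-signed certificate for testing
# the checks offline. Writes the certificate to $1 and its key to $1.key.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=example.test" -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Point the JVM at the resulting store with -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword; that store then replaces cacerts for that JVM rather than extending it.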