Why am I getting an exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated?

Question

I'm using Apache HttpComponents HttpClient(4.0.1) to make a HTTPS call, but I'm this exception as the response:

 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732) 

I provided all the required paramters. The destination system doesn't require any user name/password or proxy, but it contains JKS csrtificates that are installed in server. The user name and passwords are blank values.

This is working with org.apache.commons.httpclient.methods.PostMethod - Version 3.0 - commons-httpclient-3.0.jar Now we have implemented with org.apache.http.client.methods.HttpPost - Version 4.0.1 - commons-httpclient.jar

This is the sample code snippet which is not working:

HttpParams param = new BasicHttpParams(); HttpProtocolParams.setVersion(param, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(param, "UTF-8"); HttpProtocolParams.setUseExpectContinue(param, true); DefaultHttpClient httpClient = new DefaultHttpClient(param); httpClient.getParams().setParameter(HttpConnectionParams.CONNECTION_TIMEOUT,10000))); httpClient.getParams().setParameter(HttpConnectionParams.SO_TIMEOUT,10000))); httpClient.getCredentialsProvider().setCredentials(new AuthScope(<HOST IP,PORT)),     AuthScope.ANY_REALM),     new UsernamePasswordCredentials("", ""));  try { HttpPost httpPost = new HttpPost(END POINT URL); StringEntity requestEntity = new StringEntity(inputString, "text/xml", "UTF-8"); httpPost.setEntity(requestEntity); response = httpClient.execute(httpPost); HttpEntity responseEntity = response.getEntity(); if (null != responseEntity)  {     responseBody = EntityUtils.toString(responseEntity); } if (null != httpPost.getURI()) {     url = httpPost.getURI().toString(); } } catch (IOException e) {     e.printStackTrace(); } finally {    httpClient.getConnectionManager().shutdown(); } 

Answer 1

The exception message

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

doesn't always indicate the root cause of the issue. You may need to enable the SSL handshake debug by adding theJava VM parameter -Djavax.net.debug=ssl:handshake. Once you've added that you will get more helpful error messages. If the remote server uses a certificate that is not trusted you will see the following error message:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

If that is the case then the answer by @Abhishek will solve the issue.