atom feed1 message in org.apache.hc.httpclient-usersRE: HTTPS connection
FromSent OnAttachments
Nir DweckJun 16, 2014 8:26 am 
Subject:RE: HTTPS connection
From:Nir Dweck (ni@vasco-de.com)
Date:Jun 16, 2014 8:26:57 am
List:org.apache.hc.httpclient-users

Thanks Oleg.

Regards, Nir

-----Original Message----- From: Oleg Kalnichevski [mailto:ole@apache.org] Sent: Monday, June 16, 2014 11:17 AM To: HttpClient User Discussion Subject: Re: HTTPS connection

On Sun, 2014-06-15 at 20:33 +0000, Nir Dweck wrote:

Hi, Here is the implementation I did (I am using 4.2.2): ClassLoader cl = HttpSyncServer.class.getClassLoader(); URL url = cl.getResource(keyStore); if (url == null) { log.fatal("Keystore not found. HTTPS is not active"); }

KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(url.openStream(), pswrd.toCharArray()); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( "SunX509"); kmfactory.init(trustStore, pswrd.toCharArray()); SSLSocketFactory socketFactory = new
SSLSocketFactory(TrustManagerFactory.getDefaultAlgorithm(),trustStore, pswrd,
trustStore, null, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); Scheme sch = new Scheme("https", port, socketFactory); m_httpclient.getConnectionManager().getSchemeRegistry().register(sch);

but I still get: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticate.

Am I doing something wrong or could it be a problem with the certificate of the
server?

Please refer to this document for help on troubleshooting SSL related issues:

http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html

Regards, Nir

-----Original Message----- From: Nir Dweck [mailto:ni@vasco-de.com] Sent: Saturday, June 14, 2014 11:21 PM To: 'http@hc.apache.org' Subject: HTTPS connection

Hi, I'm required to connect to a server over HTTPS. The server provided me both a
certificate and a keystore for authentication. I've imported the certificate to my truststore file and registered a schema with
the keystore to the connection manager. The problem is that the host in the certificate is different than the host name
I need to reach. I know that in javax.net.ssl there is an HostNameVerifier interface that you can
set on the connection, which can solve cases like these. How do I implement it with httpcomponents-client?

Regards, Nir