异常:javax.net.ssl.SSLPeerUnverifiedException:对等端未经过身份验证
[英]Exception : javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
问题描述
public HttpClientVM() {
BasicHttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 10);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setUseExpectContinue(params, false);
HttpConnectionParams.setStaleCheckingEnabled(params, true);
HttpConnectionParams.setConnectionTimeout(params, 30000);
HostnameVerifier hostnameVerifier=
org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http",socketFactory, 80));
schemeRegistry.register(new Scheme("https",socketFactory, 443));
ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);
// Set verifier
client = new DefaultHttpClient(manager, params);
}
Problem:
问题:
When executing client.accessURL(url) , the following error occurs:执行client.accessURL(url)时,出现如下错误:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
Additional information:附加信息:
- Window 7 Window 7
- HttpClient 4 HTTP客户端4
9 个解决方案
解决方案1
29 2012-10-30 19:50:50
Expired certificate was the cause of our "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated".过期的证书是我们的“javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”的原因。
keytool -list -v -keystore filetruststore.ts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: somealias
Creation date: Jul 26, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=SomeOU, O="Some Company, Inc.", L=SomeCity, ST=GA, C=US
Issuer: CN=Unknown, OU=SomeOU, O=Some Company, Inc.", L=SomeCity, ST=GA, C=US
Serial number: 5011a47b
Valid from: Thu Jul 26 16:11:39 EDT 2012 until: Wed Oct 24 16:11:39 EDT 2012
解决方案2
13 2012-03-06 05:14:23
This error is because your server doesn't have a valid SSL certificate.此错误是因为您的服务器没有有效的 SSL 证书。 Hence we need to tell the client to use a different TrustManager.因此我们需要告诉客户端使用不同的 TrustManager。 Here is a sample code:这是一个示例代码:
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
client = new DefaultHttpClient(ccm, base.getParams());
解决方案3
12 2015-08-26 07:56:30
This exception will come in case your server is based on JDK 7 and your client is on JDK 6 and using SSL certificates.如果您的服务器基于 JDK 7,而您的客户端在 JDK 6 上并使用 SSL 证书,则会出现此异常。 In JDK 7 sslv2hello message handshaking is disabled by default while in JDK 6 sslv2hello message handshaking is enabled.在 JDK 7 中 sslv2hello 消息握手默认是禁用的,而在 JDK 6 中 sslv2hello 消息握手是启用的。 For this reason when your client trying to connect server then a sslv2hello message will be sent towards server and due to sslv2hello message disable you will get this exception.因此,当您的客户端尝试连接服务器时,将向服务器发送 sslv2hello 消息,并且由于 sslv2hello 消息禁用,您将收到此异常。 To solve this either you have to move your client to JDK 7 or you have to use 6u91 version of JDK.要解决此问题,您必须将客户端移至 JDK 7,或者必须使用 6u91 版本的 JDK。 But to get this version of JDK you have to get the MOS (My Oracle Support) Enterprise support.但是要获得此版本的 JDK,您必须获得 MOS(My Oracle Support)企业支持。 This patch is not public.这个补丁不是公开的。
解决方案4
5 2016-06-10 20:36:15
You can get this if the client specifies "https" but the server is only running "http".如果客户端指定“https”但服务器仅运行“http”,则您可以获得此信息。 So, the server isn't expecting to make a secure connection.因此,服务器不希望建立安全连接。
解决方案5
3 2013-06-07 16:42:32
This can also happen if you are attempting to connect over HTTPS and the server is not configured to handle SSL connections correctly.如果您尝试通过 HTTPS 连接并且服务器未配置为正确处理 SSL 连接,也会发生这种情况。
I would check your application servers SSL settings and make sure that the certification is configured correctly.我会检查您的应用程序服务器 SSL 设置并确保证书配置正确。
解决方案6
1 2016-01-12 12:54:19
In my case I was using a JDK 8 client and the server was using insecure old ciphers.就我而言,我使用的是 JDK 8 客户端,而服务器使用的是不安全的旧密码。 The server is Apache and I added this line to the Apache config:服务器是 Apache,我将此行添加到 Apache 配置中:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
You should use a tool like this to verify your SSL configuration is currently secure: https://www.ssllabs.com/ssltest/analyze.html您应该使用这样的工具来验证您的 SSL 配置当前是否安全: https : //www.ssllabs.com/ssltest/analyze.html
解决方案7
0 2021-07-21 09:17:52
In my case, the server was running on Docker (using base image adoptopenjdk/openjdk11:alpine) and the issue was a TLS protocol level error (thanks to the following page for providing the explanation: https://jfrog.com/knowledge-base/how-to-resolve-the-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-error-when-using-java-11/ ).在我的例子中,服务器在 Docker 上运行(使用基础镜像采用 passopenjdk/openjdk11:alpine),问题是 TLS 协议级别错误(感谢以下页面提供解释: https : //jfrog.com/knowledge- base/how-to-resolve-the-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-error-when-using-java-11/ )。
The solution was eventually to run the client using the following java flag:解决方案最终是使用以下 java 标志运行客户端:
-Djdk.tls.client.protocols=TLSv1.2
解决方案8
0 2023-01-27 06:36:23
The same issue I was facing we are using VPN this occurs when the captcha certificate is missing in your keystore.jks file.当您的 keystore.jks 文件中缺少验证码证书时,我们使用 VPN 时会遇到同样的问题。
Check if your server keystore has the captcha certificate or not, to do this use the below command.
检查您的服务器密钥库是否具有验证码证书,为此请使用以下命令。 Go to your keystore.jks location and hit usr/java/jdk1.7.0_91/bin/keytool -list -v -keystore keystore.jksit will list all the certificate you have in it where:usr/java/jdk1.7.0_91/bin/keytoolis the location of your java keytool you can usewhich javacommand if you are not sure of java path on your server.Go 到您的 keystore.jks 位置并点击usr/java/jdk1.7.0_91/bin/keytool -list -v -keystore keystore.jks它将列出您在其中拥有的所有证书,其中:usr/java/jdk1.7.0_91/bin/keytool是 java keytool 的位置,如果您不确定服务器上的 java 路径,可以使用which java命令。If its not there then you have to download the captcha certifacte and install it to keystore, to do this follow the step:
如果它不存在,那么您必须下载验证码证书并将其安装到密钥库,按照以下步骤进行操作:
a.一种。 Open: https://www.google.com/recaptcha/api/siteverify and click on the secure icon,Click on certificate is valid打开: https://www.google.com/recaptcha/api/siteverify点击secure图标,点击certificate is valid
b. b. Click on connection is secure点击连接是安全的
c. After that Click on details and export the certificate as .crt c。之后单击详细信息并将证书导出为.crt
d. d. Copy this.crt file on your server.将 this.crt 文件复制到您的服务器上。
Go to the location of keystore.jks :
Run this command :
/usr/java/jdk1.7.0_91/bin/keytool -import -alias googlecaptcha -keystore "/location/to/the/keystore.jks" -file "/location/to/crtfile/where/you/have/keep/ /on/server/googlecaptcha.crt"
NOTE: I have renamed www.google.com.crt as googlecaptcha.crt, also change the location parameter.注意:我已将www.google.com.crt重命名为 googlecaptcha.crt,同时更改位置参数。
Once the certificate is installed you can use the list command (given in step 1) to verify it.安装证书后,您可以使用列表命令(在步骤 1 中给出)来验证它。
Here is the code snippet once the above process is done:这是完成上述过程后的代码片段:
try {
URL url = new URL(googleURL);
if(proxy!=null){
conn = (HttpURLConnection)url.openConnection(proxy);
}else{
conn = (HttpURLConnection)url.openConnection();
}
conn.setRequestMethod("POST");
conn.setRequestProperty("Accept", "application/json");
InputStreamReader in = new InputStreamReader(conn.getInputStream());
BufferedReader br = new BufferedReader(in);
StringBuilder sb = new StringBuilder();
String output;
while ((output = br.readLine()) != null) {
System.out.println(output);
sb.append(output);
}
String responseNew = sb.toString();
responseObject = (ImplValidateCaptchaGoogleResponse)this.mapper.readValue(responseNew, ImplValidateCaptchaGoogleResponse.class);
} catch (Exception e) {
LOGGER.debug("ERROR_OCCURED ::"+e.getMessage() );
e.printStackTrace();
}
}
解决方案9
-8 2014-04-28 10:58:05
if you are in dev mode with not valid certificate, why not just set weClient.setUseInsecureSSL(true) .如果您处于开发模式且证书无效,为什么不设置weClient.setUseInsecureSSL(true) 。 works for me为我工作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.