I am trying to use Self signed certificate with JBoss and trying to trust in code. But I am getting javax.net.ssl.SSLPeerUnverifiedException:. Here are the things I tried,
Created a keystore
Created a Trust Store
Configured SSL in JBoss AS 7.1.1
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl password="password" certificate-key-file="C:\work\certs\ks" protocol="TLSv1" verify-client="false" certificate-file="C:\work\certs\ks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
Started the JBoss. Now I am able to access the site in chrome, by clicking ‘Proceed Anyway’ button.
But when I tried access from code, I am getting exception.
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at com.test.utility.TestHttps.main(TestHttps.java:61)
Here is my code,
public class TestHttps {
private static TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException {
String trustStorePassword = "password";
String alg = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
FileInputStream fis = new FileInputStream("C:\\work\\certs\\trust");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, trustStorePassword.toCharArray());
fis.close();
tmFact.init(ks);
TrustManager[] tms = tmFact.getTrustManagers();
return tms;
}
public static void main(String[] args) throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, getTrustManagers(), null);
SSLSocketFactory ssf = new SSLSocketFactory(context);
HttpClient base = new DefaultHttpClient();
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry registry = ccm.getSchemeRegistry();
registry.register(new Scheme("https", 8443, ssf));
try {
DefaultHttpClient httpClient = new DefaultHttpClient(ccm, base.getParams());
HttpGet getRequest = new HttpGet("https://localhost:8443/cafe/");
HttpResponse response = httpClient.execute(getRequest);
if (response.getStatusLine().getStatusCode() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ response.getStatusLine().getStatusCode());
}
BufferedReader br = new BufferedReader(new InputStreamReader(
(response.getEntity().getContent())));
String output;
while ((output = br.readLine()) != null) {
System.out.println(output);
}
httpClient.getConnectionManager().shutdown();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
Please let me know what I am doing wrong. Thanks in advance.
I found the problem by setting the system property
It seems the problem is with Jboss SSL configuration,
removed protocol=”TLSv1″. And imported the certificate to JRE keystore as
keytool -import -alias localhost -file C:\ssl\test.cer -keystore %JAVA_HOME%\jre\lib\security\cacerts”
After that the following code works like a charm.