Wednesday 16 January 2013

Tech: How to Fix 'SSLPeerUnverifiedException: peer not authenticated' Exception in Groovy / Java

This is the first in a series of tech posts on the NerdAbility blog. We are aiming to blog any useful tips / gotchas we come across when developing with various technologies. We will still be posting tech recruitment insights and NerdAbility news, so stay tuned!

How to Fix 'SSLPeerUnverifiedException: peer not authenticated' Exception in Java / Groovy


When developing with web services in Java you may come across the need to connect to a HTTPS URL, for example when creating a REST client. In some cases there will be an issue with the type of certificate the web server is using, resulting in a SSLPeerUnverifiedException.

To solve this you could previously export the servers SSL certificate via firefox / chrome and load this directly into the cacerts keystore (jvm's default trusted keystore). In recent versions of firefox / chrome this feature seems to have disappeared.  In this post we will show you how to grab the certificate using command line tools and then load it into the cacerts keystore. Finally we give an example of connecting to a HTTPS URL with Groovy using RESTClient.

Please note this guide is for Linux / Mac users. Windows users may be able to follow along using cygwin, but we have not tested this. If you are using an alternative trusted keystore in your application, use this instead of cacerts in the examples.

Prerequisites: Before loading any key into your cacerts keystore, please verify you are happy with the certificate and its authenticity, and issuer. You can do this by using a tool like this one.

Disclaimer: Follow this guide at your own risk, we can not be held liable / accountable for any damage or issues caused to you or your systems.

Step 1: Download and Store the Certificate


To download and store the certificate run the following command, changing $ADDRESS for the sites address. For example https://www.facebook.com would become facebook.com:

echo -n | openssl s_client -connect $ADDRESS:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert

To check the certificate was grabbed, you can run:

cat /tmp/$ADDRESS.cert

This will output the certificate and you should see something like:

-----BEGIN CERTIFICATE-----
*DATA*
-----END CERTIFICATE-----


Step 2: Load this into the default keystore for the JVM CACERTS


First of all you need to locate the cacerts keystore for the JRE you are using. To find out the version of java run the following command:

java -version

This should give you something similar to:

java version "1.6.0_11" Java(TM) SE Runtime Environment (build 1.6.0_11-b03) Java HotSpot(TM) 64-Bit Server VM (build 11.0-b16, mixed mode)

Next take the Java version number from the previous output, in this case 1.6.0_11 and use locate to find the cacerts keystore for this Java install:

locate cacerts | grep "1.6.0_11"

The output should give you something similar to:

/usr/lib/jvm/jre1.6.0_11/lib/security/cacerts

Now you have enough information to import the key into the keystore. Run the following command, replacing the $ADDRESS with the address variable you used earlier, the $ALIAS with a name for the certificate i.e. facebook. Replace the $PATH variable with the path to the cacert (the output from the locate command we just ran). Also we have added the -storepass argument, passing the default password for the cacerts keystore. You will want to change this, if you have not already, and should be prompted to do so.

sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert -keystore $PATH/cacerts -storepass changeit

Once you run this you will be shown the certificate and prompted to confirm you want to import the certificate:

Trust this certificate? [no]:  yes
Certificate was added to keystore

Now you should have the certificate ready for use in your application, providing it is configured to use the default keystore and runs on the JVM we configured the certificate for!

Step 3: Test It!


Here is some example Groovy code using RESTClient:



116 comments:

  1. Its also possible to override the default behaviour for ssl handling by creating a custom TrustManager. This alleviates the potential nightmare that you might bump into when moving code through different environments etc. See SSLContext init for more.

    ReplyDelete
    Replies
    1. Hey Michael, any chance you could elaborate on this? My organization has so many servers they face the nightmare you describe. I would like to create my own TrustManager, but looking at the interface (http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/TrustManager.html) there are no methods to implement. Is it expected that creating an empty class that implements TrustManager will alleviate the need for peer authentication?

      Context:
      I'm trying to fix a few operational scripts written in groovy that use HttpBuilder and throw this error. Authenticaion fails because the scripts are hitting individual server nodes by IP (not by hitting apache or a load balancer). My understanding is that the SSL cert's hostname does not match the IP address and this causes the error. Creating self signed certs to fake the match is not a viable solution for this problem.

      Delete
    2. Provided example : https://gist.github.com/patelm5/8820842

      Delete
  2. Thanks, that was exactly what I was looking for :-)

    ReplyDelete
    Replies
    1. Thanks for sharing, this is a fantastic blog. Really looking forward to read more. Great.
      Real Estate Lawyer in Brampton

      Delete
  3. This comment has been removed by the author.

    ReplyDelete
  4. Thanks for the openssl command, I too used to use FF to do the same thing.

    If you want to avoid adding extra certificates to your JDK you could create a copy and use that instead, e.g.

    cp $JAVA_HOME/lib/security/cacerts /tmp

    then specify the copy when running your app;

    java -Djavax.net.ssl.trustStore=/tmp/cacerts com.test.Main

    ReplyDelete
  5. Hi,
    Your code was exceptionally useful. My legal department is asking whether you could license this code snippet to us or put forth some expression about it being public domain. In the event that you attach an Apache 2.0 or BSD style license, that would be simplest.
    Much thanks to you!
    ~~~~~~~~~~~~~~~~~~>>
    top hidden object games

    ReplyDelete
  6. Thanks, it really helped to resolve my issue.

    ReplyDelete
  7. The information you posted here is useful to make my career better keep updates..If anyone want to become an oracle certified professional reach FITA, which offers Best Oracle Training in Chennai with years of experienced professionals.

    ReplyDelete
  8. Hi, This is Jamuna from Chennai. I am a technology freak. I have read your blog, its really useful for me. Recently I did Java Course in Chennai at a leading Java Institutes in Chennai. This is really helpful for me to make a bright career in IT industry.



    ReplyDelete
  9. You have shared useful information. Thanks for sharing your valuable knowledge with us.
    Oracle dba training | Oracle dba training syllabus

    ReplyDelete
  10. Howdy, would you mind letting me know which web host you’re utilizing? I’ve loaded your blog in 3 completely different web browsers, and I must say this blog loads a lot quicker than most. Can you suggest a good internet hosting provider at a reasonable price?
    Hadoop Training in Chennai
    Hadoop Training in Bangalore

    ReplyDelete
  11. Hey, would you mind if I share your blog with my twitter group? There’s a lot of folks that I think would enjoy your content. Please let me know. Thank you.
    MEAN stack training in Chennai
    MEAN stack training in bangalore

    ReplyDelete
  12. Your good knowledge and kindness in playing with all the pieces were very useful. I don’t know what I would have done if I had not encountered such a step like this.
    Devops Training in pune

    Devops Training in Chennai

    Devops Training in Bangalore

    AWS Training in chennai

    AWS Training in bangalore

    ReplyDelete
  13. Well somehow I got to read lots of articles on your blog. It’s amazing how interesting it is for me to visit you very often.
    Python training in marathahalli
    Python training in pune

    ReplyDelete
  14. A very nice guide. I will definitely follow these tips. Thank you for sharing such detailed article. I am learning a lot from you.
    python online training
    python training in OMR
    python training institute in chennai

    ReplyDelete
  15. Really great post, I simply unearthed your site and needed to say that I have truly appreciated perusing your blog entries. I want to say thanks for great sharing.
    Data Science course in kalyan nagar | Data Science course in OMR
    Data Science course in chennai | Data science course in velachery
    Data science online course | Data science course in jaya nagar

    ReplyDelete
  16. Hmm, it seems like your site ate my first comment (it was extremely long) so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your blog. I as well as an aspiring blog writer, but I’m still new to the whole thing. Do you have any recommendations for newbie blog writers? I’d appreciate it.

    Best Selenium Training in Chennai | Selenium Training Institute in Chennai | Besant Technologies

    Selenium Training in Bangalore | Best Selenium Training in Bangalore

    AWS Training in Bangalore | Amazon Web Services Training in Bangalore

    ReplyDelete
  17. This is an awesome post.Really very informative and creative contents. These concept is a good way to enhance the knowledge.I like it and help me to development very well.Thank you for this brief explanation and very nice information.Well, got a good knowledge.
    Ethical Hacking Course in Chennai 
    Hacking Course in Chennai 
    Certified Ethical Hacking Course in Chennai 
    Ethical Hacking Course 
    Ethical Hacking Course near me

    ReplyDelete
  18. Whoa! I’m enjoying the template/theme of this website. It’s simple, yet effective. A lot of times it’s very hard to get that “perfect balance” between superb usability and visual appeal. I must say you’ve done a very good job with this.

    Oracle Training in Chennai | Best Oracle Training Institute in Chennai
    Web Design Training in Chennai
    Web Design Training in Chennai|Best Web Design Training in Chennai
    AngularJS Training in Chennai |Advanced SAS Training in Chennai | Best SAS Training in Chennai

    ReplyDelete
  19. All are saying the same thing repeatedly, but in your blog I had a chance to get some useful and unique information, I love your writing style very much, I would like to suggest your blog in my dude circle, so keep on updates.

    python training in chennai
    python training in chennai
    python training in bangalore

    ReplyDelete
  20. Brilliant ideas that you have share with us.It is really help me lot and i hope it will help others also.update more different ideas with us.
    AWS Courses in T nagar
    AWS Course in Anna Nagar
    AWS Training center in Bangalore
    Best AWS Training in Bangalore

    ReplyDelete
  21. The knowledge of technology you have been sharing thorough this post is very much helpful to develop new idea. here by i also want to share this.
    python course institute in bangalore
    python Course in bangalore
    python training institute in bangalore

    ReplyDelete
  22. Marvelous and fascinating article. Incredible things you've generally imparted to us. Much obliged. Simply keep making this kind out of the post.

    Oracle PLSQL Training in Chennai
    Oracle PLSQL Training

    ReplyDelete
  23. Your very own commitment to getting the message throughout came to be rather powerful and have consistently enabled employees just like me to arrive at their desired goals.
    angularjs online Training

    angularjs Training in marathahalli

    angularjs interview questions and answers

    angularjs Training in bangalore

    angularjs Training in bangalore

    angularjs interview questions and answers

    ReplyDelete
  24. This comment has been removed by the author.

    ReplyDelete
  25. This is a nice article here with some useful tips for those who are not used-to comment that frequently. Thanks for this helpful information I agree with all points you have given to us. I will follow all of them.
    Devops Training in Bangalore
    Best Devops Training in pune

    ReplyDelete
  26. Thank you for sharing such great information with us. I really appreciate everything that you’ve done here and am glad to know that you really care about the world that we live in
    Data science course in bangalore | Data Science training with placement in Bangalore

    ReplyDelete
  27. Very nice post here and thanks for it .I always like and such a super contents of these post.
    Excellent and very cool idea and great content of different kinds of the valuable information's.

    Java training in Bangalore



    ReplyDelete
  28. I was recommended this web site by means of my cousin. I am now not certain whether this post is written through him as nobody else recognise such precise about my difficulty. You're amazing! Thank you!
    devops online training

    aws online training

    data science with python online training

    data science online training

    rpa online training

    ReplyDelete
  29. I found your blog while searching for the updates, I am happy to be here. Very useful content and also easily understandable providing.. Believe me I did wrote an post about tutorials for beginners with reference of your blog. 
    Microsoft Azure online training
    Selenium online training
    Java online training
    uipath online training
    Python online training


    ReplyDelete
  30. Write more; that’s all I have to say. It seems as though you relied on the video to make your point. You know what you’re talking about, why waste your intelligence on just posting videos to your blog when you could be giving us something enlightening to read?
    Check out the best python training in chennai at SLA

    ReplyDelete
  31. Thanks For Sharing The information The Information Shared Is Very Valuable Please Keep Updating us The Information shared Is Very Valuable Python Online Course Data Science Online Course Aws Online Course

    ReplyDelete
  32. Wonderful Blog post, great article that you have provided for peoples. Its really good. Nice information.


    ExcelR Data Science Bangalore

    ReplyDelete
  33. Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!
    data analytics certification courses in Bangalore
    ExcelR Data science courses in Bangalore

    ReplyDelete
  34. Attend The Python training in bangalore From ExcelR. Practical Python training in bangalore Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Python training in bangalore.
    python training in bangalore

    ReplyDelete
  35. This post is very simple to read and appreciate without leaving any details out. Great work!




    This post is very simple to read and appreciate without leaving any details out. Great work!

    ReplyDelete
  36. I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more.
    data science course in singapore

    ReplyDelete
  37. I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more.data science course in singapore

    ReplyDelete
  38. Great information on given topic and provide them to teacher our opinion and the article. I appreciate your post and look forward tomorrow.data science course in singapore

    ReplyDelete
  39. Your info is really amazing with impressive content..Excellent blog with informative concept. Really I feel happy to see this useful blog, Thanks for sharing such a nice blog..
    If you are looking for any Data science Related information please visit our website best course for data science page!

    ReplyDelete
  40. For Hadoop Training in Bangalore Visit : HadoopTraining in Bangalore

    ReplyDelete
  41. This is really an awesome post, thanks for it. Keep adding more information to this.tableau training in bangalore

    ReplyDelete
  42. Awesome,Thank you so much for sharing such an awesome blog. sap fico training in bangalore


    ReplyDelete

  43. thank you so much for this nice information Article, Digitahanks for sharing your post with us.sap scm training in bangalore

    ReplyDelete
  44. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful.sap crm training in bangalore

    ReplyDelete
  45. Great post!I am actually getting ready to across this information,i am very happy to this commands.Also great blog here with all of the valuable information you have.Well done,its a great knowledgez.

    ReplyDelete
  46. I have to search sites with relevant information on given topic and provide them to teacher our opinion and the article.
    data analytics course

    ReplyDelete
  47. After reading your article I was amazed. I know that you explain it very well. And I hope that other readers will also experience how I feel after reading your article.

    Digital marketing course mumbai

    ReplyDelete
  48. Everything is very open with a very clear clarification of the issues.
    It was definitely informative. website
    Your site is very helpful.

    ReplyDelete
  49. I am really enjoying this article. while reading this the Article is really Impressive to the Reader.

    https://shyninguae.blogspot.com/2010/06/criteria-for-physiotherapy-technicians.html?showComment=1590370970366#c2328087418058103437

    ReplyDelete
  50. Thanks for the good words! Really appreciated. Great post. I’ve been commenting a lot on a few blogs recently,
    but I hadn’t thought about my approach until you brought it up.
    Java training in Chennai

    Java training in Bangalore

    Java training in Hyderabad

    Java Training in Coimbatore

    Java Online Training


    ReplyDelete
  51. Data Analytics Courses in PuneI am a new user of this site so here i saw multiple articles and posts posted by this site,I curious more interest in some of them hope you will give more information on this topics in your next articles.
    I like viewing web sites which comprehend the price of delivering the excellent useful resource free of charge. I truly adored reading your posting. Thank you!

    ReplyDelete
  52. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. This article inspired me to read more. keep it up.data science courses

    ReplyDelete
  53. Good Post! , it was so good to read and useful to improve my knowledge as an updated one, keep blogging.After seeing your article I want to say that also a well-written article with some very good information which is very useful for the readers....thanks for sharing it and do share more posts likethis. https://www.3ritechnologies.com/course/tableau-online-training-certification/

    ReplyDelete
  54. Good Post! , it was so good to read and useful to improve my knowledge as an updated one, keep blogging. After seeing your article I want to say that also a well-written article with some very good information which is very useful for the readers....thanks for sharing it and do share more posts like this.
    SAP Online Training

    ReplyDelete
  55. This Was An Amazing! I Haven't Seen This Type of Blog Ever! Thank you for Sharing, data scientist course in Hyderabad with placement

    ReplyDelete


  56. Nice article and thanks for sharing with us. Its very informative

    Plots in THIMMAPUR

    ReplyDelete

  57. Thanks for sharing a very useful article. Am sure it helped to clear the doubts I had. Keep posting more. Also dont forget to check out our pages too.

    data science training in chennai

    ccna training in chennai

    iot training in chennai

    cyber security training in chennai

    ethical hacking training in chennai


    ReplyDelete
  58. Selenium automation testing has made the process simpler and faster than manual testing. The latest version of selenium is the selenium webdriver which improves functional test coverage. Learn selenium automation testing to drive into the IT field.

    Selenium Webdriver

    ReplyDelete
  59. Set your career goal towards Oracle for a wealthy future with Infycle. Infycle Technologies is one of the best Oracle DBA training institute in Chennai, that gives the most trusted and best Oracle DBA Training with various stages of Oracle in a 100% hands-on training which will be guided by professional tutors in the field. In addition to this, the mock interviews will be given to the candidates, so that, they can face the interviews with full confidence. Apart from all, the candidates will be placed in the top MNC's with a great salary package. To get it all, call 7502633633 and make this happen for your happy life.

    ReplyDelete
  60. Learn Amazon Web Services for making your career as a shining sun with Infycle Technologies. Infycle Technologies is the best AWS training centre in Chennai, providing complete hands-on practical training of professional specialists in the field. In addition to that, it also offers numerous programming language tutors in the software industry such as Python, AWS, Hadoop, etc. Once after the training, interviews will be arranged for the candidates, so that, they can set their career without any struggle. Of all that, 200% placement assurance will be given here. To have the best career, call 7502633633 to Infycle Technologies and grab a free demo to know more.No.1 AWS Training Centre in Chennai

    ReplyDelete
  61. Wow such an amazing content keep it up. I have bookmarked your page to check out more informative content here.

    SASVBA provides professional AI training course in Delhi with the help of industry experts. Artificial intelligence is a method of building a computer-controlled robot, computer, or software that thinks wisely as well as intelligently. It is science and technology-based on subjects such as computer science, biology, psychology, linguistics, mathematics, and engineering.

    FOR MORE INFO:

    ReplyDelete
  62. Fetch Oracle DBA Training in Chennai for making the best career in the software industry with Infycle Technologies. Infycle Technologies offers the best Oracle training in Chennai, providing courses for Oracle and many other software courses in 100% hands-on practical training with professional trainers in the domain. Along with the coaching, the placement interviews will be arranged for the students, so that they can set their careers at high standards. Of all that, 200% placement assurance will be given here. To have the best career, call 7502633633 to Infycle Technologies and grab a free demo to know more.

    ReplyDelete
  63. Set your career towards Amazon Web Services with Infycle Technologies, the best software training center in Chennai. Infycle Technologies gives the combined and best Big AWS Training in Chennai, along with the 100% hands-on training guided by professional teachers in the field. In addition to this, the interviews for the placement will be guided to the candidates, so that, they can face the interviews without struggles. Apart from all, the candidates will be placed in the top MNC's with a great salary package. To get it all, call 7502633633 and make this happen for your happy life.
    best aws training in chennai

    ReplyDelete
  64. Set your career towards Amazon Web Services with Infycle Technologies, the best software training center in Chennai. Infycle Technologies gives the combined and best Big AWS Training in Chennai, along with the 100% hands-on training guided by professional teachers in the field. In addition to this, the interviews for the placement will be guided to the candidates, so that, they can face the interviews without struggles. Apart from all, the candidates will be placed in the top MNC's with a great salary package. To get it all, call 7502633633 and make this happen for your happy life.
    best aws training in chennai

    ReplyDelete
  65. Excellent article, informative content shared keep sharing.

    Data Science Training in Pune

    ReplyDelete
  66. Grab the Digital Marketing Training in Chennai from Infycle Technologies, the best software training institute, and Placement center in Chennai which is providing professional software courses such as Data Science, Artificial Intelligence, Cyber Security, Big Data, Java, Hadoop, Selenium, Android, and iOS Development, DevOps, Oracle etc with 100% hands-on practical training. Dial 7502633633 to get more info and a free demo and to grab the certification for having a peak rise in your career.

    ReplyDelete
  67. If Oracle is a job that you're dreaming of, then we, Infycle are with you to make your dream into reality. Infycle Technologies offers the best Oracle Training in Chennai, with various levels of Oracle courses such as Oracle PLSQL, Oracle DBA, etc., in 100% hands-on practical training with professional tutors in the field. Along with that, the mock interviews will be done for the candidates, so that, they can face the interviews with full confidence.Best Oracle Training in Chennai | Infycle Technologies

    ReplyDelete
  68. This Digital Marketing Course in Mohali transforms you into a complete Digital Marketer with expertise in modules like SEO, Social Media Marketing, PPC, Analytics, Content, Mobile, and Email marketing.
    We provide the Best training for Social Media Marketing and PPC course in Mohali and have trained over 10k students.
    Become industry-ready learning the latest tools, working on real-world projects, and attending Master classes from the Google and Facebook certified Team.
    Digital Marketing Course in Chandigarh

    ReplyDelete
  69. If you are dreaming of an IT job !!! Then AWS Course in Chennai!!Is the best choice for you. Yes, what you heard is Right Infycle offering you an AWS course for an Affordable price with experienced trainees, Practical Classes, Flexible timing, and more.

    ReplyDelete
  70. Bangaloredigitalmarketing provides the best Digital Marketing courses in bangalore with certification
    and placements in jayanagar, marathahalli
    https://bangaloredigitalmarketing.com/
    https://bangaloredigitalmarketing.com/digital-marketing-courses-in-bangalore/
    https://bengalurudigitalmarketing.blogspot.com/

    ReplyDelete
  71. Very Informative blog thank you for sharing. Keep sharing.

    Best software training institute in Chennai. Make your career development the best by learning software courses.

    azure training in chennai
    power bi training in chennai

    ReplyDelete
  72. Thanks for posting this info. I just want to let you know that I just checked out your site and I find it very interesting and informative. I can't wait to read lots of your posts.
    business analytics training in hyderabad

    ReplyDelete
  73. It is the intent to provide valuable information and best practices, including an understanding of the regulatory process. data scientist course in kanpur

    ReplyDelete


  74. Awesome blog. Thanks for sharing this blog. Keep update like this...
    Android Training in Bangalore
    Android Classes in Pune

    ReplyDelete
  75. This post is so interactive and informative.keep update more information...
    Android Training in Velachery
    Android Training in Chennai

    ReplyDelete
  76. Informative content and knowledgeable blog. Keep posting more content on this. Thanks for sharing this blog with us.
    Data Science Institute in Hyderabad

    ReplyDelete
  77. This comment has been removed by the author.

    ReplyDelete
  78. Your blog post is so informative for me .Thanks for sharing this valuble post.CodeCraft Full Stack Development Strategies for Modern Applications

    ReplyDelete