2014年8月3日 星期日

[JAVA] 解決 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

[symptom]

最近工作關係,需要串接財政部的發票明細API, domain為 https://www.einvoice.nat.gov.tw/
使用 HttpClient 執行 HttpGet方法時,
卻發生 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 的exception

[root cause]

查了一下,原因是要進行request的url使用https加密連線方法,
但因為java client使用的certification資訊太舊,不認得較新的SSL認證,
所以便發生了SSLPeer Unverified的問題

[solution]

此時,需要更新client端的SSL certification資訊。
下面簡單說明一下步驟:

1. 先開啟一個瀏覽器(我用的是chrome),連至目標的url, 然後透過瀏覽器把這個網站的SSL認識資訊匯出, 獲得一個 sitename.cer 檔, ,


2. 開始 cmd 工具,到你的JRE 環境中 lib\security\ 資料夾底下, 如 C:\Program File\JAVA\jre6\lib\security
在這裡應該會看到一個 cacerts 的檔案, 它就是我們需要更新的憑證檔

3. 執行

keytool -import -keystore cacerts -alias <any Unique Name> -file <filepath>\sitename.cer" -storepass changeit

其中, 以下請改成自己的設定:
<any Unique Name>為這個新增憑證的別名, 不能與其他別名重覆,
<filepath> 為剛剛你匯出sitename.cer 所儲存的路徑

4. 指令會請你確認是否要加入此憑證資訊, 輸入 "y" 進行確認
然後你就會看到 "Certificate was added to keystore" 的資訊, 表示成功

5. 再次執行java的部份,應該就可以成功通過https的連線了

※ 若仍然無法解決 SSLPeerUnverifiedException,代表憑證檔可能沒有成功更新,請檢查一下你的java runtime是否就是你剛剛所更新的jre版本,像我自己就有jre6, jre7, jdk等幾個環境。


[refernece]

http://coldfusion-tip.blogspot.tw/2012/04/javaxnetsslsslpeerunverifiedexception.html

沒有留言:

張貼留言

Powered By Blogger

Label Cloud

2009 (1) 不能連localhost (1) 內嵌音訊 (1) 求職 (1) 面試 (1) 音樂 (1) 動畫師 (1) 帳號管理 (1) 排程 (1) 畢展 (1) 創意市集 (1) 惡意程式 (1) 電腦動畫 (1) 權限管理 (1) adobe (1) android (4) animation (1) animator (1) apache (3) art (5) art taipei 2008 (1) audio (2) bbs (1) birthday (1) black and white (1) browser (2) career (2) certification (1) cgw (1) cinematography (1) code (3) Collie (1) color (2) command (16) competition (1) computer science (3) connection (1) cover (1) crafyJS (1) creative (1) CSS (1) DBN (2) design (7) developer (1) display (1) drawing (1) eclipse (3) embed (1) engine (1) EntityJS (1) exception (1) exhibition (1) flower (1) frame (1) freebsd (11) french (1) friends (3) function (1) game (1) google (2) graphic (3) html (2) HTML5 (1) https (1) illustrator (1) image processing (1) interactive storytelling (1) internet (3) interview (1) introduce (1) ip (1) japan (1) java (4) javascript (3) JIT (1) jmonkey (1) job (1) jquery (1) LAMP (1) LimeJS (1) linux (8) liquid galaxy (1) ListView (1) localhost (1) log (1) mail (1) marquee (1) midi (1) mime-type (1) mis (1) MIT (2) mo-cap (1) mobile (1) Modernizr (1) motion capture (1) movie (1) music (3) narrative (2) NCCU (3) news (1) note (10) originality (1) otaku (1) painting (4) performance (1) photography (2) photoshop (7) php (1) player modelling (1) poster (1) postfix (1) programming (5) QuarkJS (1) resource (1) schema (1) scroll (1) self aware (1) semantic (1) server (1) share (1) sketch (2) software (4) solve (2) Sonivox (1) speaking (1) ssl (1) SSLPeerUnverifiedException (1) streaming (1) Subversion (1) sunspider (1) SVN (3) svn server (1) system (1) taipei (1) test (1) tfam (1) tool (1) TortoiseSVN (1) tutor (1) ubuntu (3) update (1) uri (1) video (1) vim (1) w3c (1) wap wcss css css2.0 (1) web (8) WebGL (1) webkit (2) well-form (1) wiimote (1) wiiusej (1) workshop (1) xhtml (1) xml (2)