how to solve javax.net.ssl.SSLPeerUnverifiedException: Hostname .com not verified:

Question

I am having the following error Hostname domain.com not verified: Not "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" I was able before to connect to different host, in this host I am facing problems , how to fix it

 javax.net.ssl.SSLPeerUnverifiedException: Hostname domain.com not verified:
    certificate: sha1//WQM9QbrKs6DCFa9qN/EIw1ywBw=
    DN: CN=*.ipage.com,OU=Domain Control Validated - RapidSSL(R),OU=See www.rapidssl.com/resources/cps (c)14,OU=GT29505539
    subjectAltNames: [*.ipage.com, ipage.com]
            at com.squareup.okhttp.Connection.connectTls(Connection.java:244)
            at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
            at com.squareup.okhttp.Connection.connect(Connection.java:172)
            at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
            at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
            at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
            at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
            at com.squareup.okhttp.Call.getResponse(Call.java:267)

this is my code

  try {
                    JSONObject jsonObject = new JSONObject();
                    jsonObject.accumulate("name", name);
                    jsonObject.accumulate("password", pass);
                    jsonObject.accumulate("email", emails);
                    json = jsonObject.toString();
                    Log.e("MYAPP", "getjson");

                } catch (JSONException e) {
                    Log.e("MYAPP", "unexpected JSON exception", e);
                }
                try{
                    RequestBody formBody = new FormEncodingBuilder()
                            .add("name", name)
                            .build();
                    Request request = new Request.Builder()
                            .url("https://justedhak.com/Files/users.php")
                            .post(formBody)
                            .build();

Possible duplicate of [Android: Making Https Request](http://stackoverflow.com/questions/7622004/android-making-https-request) — denis_lor, Nov 05 '15 at 08:50
I guess you have not installed SSL Certificate on your server. If that is the case try just http instead of https — rusted brain, Nov 05 '15 at 08:52
@denis_lor no no in the url is different error , 'peer not authenticated" my error is host name not verrified . btw I was able to connect to different host, in this host I am having this error. — Moudiz, Nov 05 '15 at 08:52
@deepu513 I contacted the support of the host , they kept me waiting and waiting. so its problem in the host side ? and i didnt understand your example of yoururl.com — Moudiz, Nov 05 '15 at 08:54
@Moudiz have you also tried this: http://stackoverflow.com/questions/31917988/okhttp-javax-net-ssl-sslpeerunverifiedexception-hostname-domain-com-not-verifie — denis_lor, Nov 05 '15 at 08:55
I edited the comment, actually StackOverflow was converting it to link, now you can see clearly — rusted brain, Nov 05 '15 at 08:55
@denis_lor he was trying to create a certificate from the first place. in my case I dont know to create one , I just want to connect to host — Moudiz, Nov 05 '15 at 08:58
@deepu513 ok ill try with http but if I want to connect with https , how to do that ? should I contact the host to install SSl certificate ? — Moudiz, Nov 05 '15 at 08:58
@Moudiz do it with http, maybe https is not available on server side — denis_lor, Nov 05 '15 at 08:59
@deepu513 lets say that the SSL certificat is not installed , why then I can open the link in such way https://justedhak.com/Files/users.php , do you have any idea ? — Moudiz, Nov 05 '15 at 09:03
Nope in my case it didn't work, it gave me this error https://drive.google.com/file/d/0B-eXLGaR38bbTG5DSmVqUlNJdFU/view?usp=sharing — rusted brain, Nov 05 '15 at 09:08
@deepu513 ah the image will be helfpfull ill send it to the support now , I chating with them. thanks man , post what you said in an answer to accept it , you were helpful — Moudiz, Nov 05 '15 at 09:11
let it be i am too lazy to write the whole answer again :P Glad i was helpful to you :) — rusted brain, Nov 05 '15 at 09:13
Pls read my answer at the following http://stackoverflow.com/questions/33067368/okhttp-trusting-certificate/33071430#33071430 — BNK, Nov 05 '15 at 14:55
I really appreciat that your helping me in all my questions , my problem was I didnt purchase the certificate from the host. so I am accessing the php files such way `http` in the future maybe ill use SSL @BNK — Moudiz, Nov 05 '15 at 15:18
@BNK hey man how are you today, can you help me in this question please http://stackoverflow.com/questions/33593342/image-not-saving-in-folder — Moudiz, Nov 08 '15 at 13:10
It's Sunday night and I have no environment to test, however, in your question, the man who currently helps you is an experienced member in S.O :) — BNK, Nov 08 '15 at 14:15
@BNK yes he is however still my problem wasent solve :( .. anyway good night my friend ill try to ry to figure it out — Moudiz, Nov 08 '15 at 14:22
Read my answer at http://stackoverflow.com/questions/33577810/how-to-display-image-taken-in-a-new-activity/33577998#33577998, which will have my another answer to see if it's helpful for your new issue or not. Goodluck! — BNK, Nov 08 '15 at 14:33
I checked you answer, it deosnt manage bitmaps anyway thanks , til tomorow then — Moudiz, Nov 08 '15 at 14:37

score 32 · Accepted Answer · edited May 23 '17 at 11:51

UPDATE

Because the exception is javax.net.ssl.SSLPeerUnverifiedException: Hostname justedhak.com not verified with DN: CN=*.ipage.com... and subjectAltNames: [*.ipage.com, ipage.com]

As a result, you can replace the setHostnameVerifier at my below sample code (because return true is not recommended) by the following:

client.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                //return true;
                HostnameVerifier hv =
                        HttpsURLConnection.getDefaultHostnameVerifier();
                return hv.verify("ipage.com", session);
            }
        });

You will get the success result as the below screenshot too.

If you want to work with that host's HTTPS only for your learning purpose or developing environment, you can refer the following way, of course you can change my GET request by your POST one:

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        mTextView = (TextView) findViewById(R.id.textView);
        mHandler = new Handler(Looper.getMainLooper());
        OkHttpClient client = new OkHttpClient();
        client.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
        Request request = new Request.Builder()
                .url("https://justedhak.com/Files/users.php")
                .build();
        client.newCall(request).enqueue(new Callback() {
            @Override
            public void onFailure(Request request, IOException e) {
                // do something...
                Log.e(LOG_TAG, e.toString());
            }

            @Override
            public void onResponse(Response response) throws IOException {
                // do something...
                Log.i(LOG_TAG, response.body().string());
            }
        });
    }

Here's the screenshot

You can also read more at the following question:

OkHttp trusting certificate

IMO, you can read here http://developer.android.com/training/articles/security-ssl.html, at `Common Problems with Hostname Verification` section — BNK, Nov 06 '15 at 06:42
I mean that for "return true" only, for `return hv.verify("...com", session);` I am not so sure, although you can find `caution` in Google's documentation — BNK, Nov 06 '15 at 06:49
okay ill read about it . btw do you have an answers covers about how user login/log out session ? — Moudiz, Nov 06 '15 at 07:09
See http://stackoverflow.com/questions/31466653/how-to-use-security-authentication-authorization-in-asp-web-api/31471027#31471027 if it is the one you ask :) — BNK, Nov 06 '15 at 07:24
@i-Droid I think it works, you can try `OkHttpClient client = new OkHttpClient.Builder() .hostnameVerifier(new ...) .build(); Retrofit retrofit = new Retrofit.Builder() .baseUrl(API_URL_BASE) .addConverterFactory(GsonConverterFactory.create()) .client(client) .build();` — BNK, Sep 12 '16 at 08:01
@BNK check this [link](http://stackoverflow.com/questions/39445898/javax-net-ssl-sslpeerunverifiedexception-error-in-retrieving-session-key-from-sk) — iSrinivasan27, Sep 12 '16 at 08:18
If i have multiple classes making http calls, do i need this to place everywhere? — Panache, May 15 '22 at 11:44

score 2 · Answer 2 · answered Jun 09 '22 at 13:19

I resolved this in retrofit2 by adding a hostname verifier and returning it to true.

OkHttpClient client = new OkHttpClient.Builder()
                    .hostnameVerifier(new HostnameVerifier() {
                        @Override
                        public boolean verify(String hostname, SSLSession session) {
                            HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
                            return true;
                        }
                    })
                    .connectTimeout(100, TimeUnit.SECONDS)
                    .readTimeout(100, TimeUnit.SECONDS).build();

score 1 · Answer 3 · answered Oct 13 '20 at 10:25

I had the same error in Jenkins trying to access GIT, the real error was that GIT address changes periodically (AWS based) and the Jenkins had an address of GIT, which was not valid anymore. A restart of jvm was enough to solve it, but reducing ttl would be best solution

how to solve javax.net.ssl.SSLPeerUnverifiedException: Hostname .com not verified:

3 Answers3

Linked

Related