25

I recently added LetsEncrypt certificates to my server and my java applet is having problems connecting using TLS.

My applet uses Apache HttpClient.

My web server is Apache 2.4, and I have a few virtual hosts set up as subdomains of my main domain (foo.com - not my real domain name).

When I run my applet on the staging subdomain (e.g. it runs off https://staging.foo.com), I get the following error:

javax.net.ssl.SSLException: Certificate for <staging.foo.com> doesn't match any of the subject alternative names: [developer.foo.com]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:165)
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:141)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:580)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
...(cut)
at javax.swing.SwingWorker$1.call(SwingWorker.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at javax.swing.SwingWorker.run(SwingWorker.java:334)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

I have no idea what's going on.

First of all, I have no idea how Java knows that developer.foo.com is one of my virtual hosts (although this virtual host is the first one, alphabetically, that has SSL turned on).

I've looked at the certificate detail for staging.foo.com, and the only name listed under the "Subject Alternative Name" field is staging.foo.com.

So where is it getting developer.foo.com from?

And how do I fix this problem?

I'm using Firefox on OS X El Capitan 10.11.6 with the following Java plugin version info:

Java Plug-in 11.102.2.14 x86_64
Using JRE version 1.8.0_102-b14 Java HotSpot(TM) 64-Bit Server VM

This is the Apache conf file for staging.foo.com:

# HTTPS virtual host for staging.foo.com and www.staging.foo.com. The
# IfModule wrapper means it is only defined when mod_ssl is loaded.
<IfModule mod_ssl.c>
# NOTE(review): this is a name-based vhost on *:443. Apache selects the
# vhost, and with it the certificate, from the SNI name in the TLS
# handshake; a client that sends no SNI is answered by the first vhost
# defined for this address and port.
<VirtualHost *:443>
    ServerName staging.foo.com
    ServerAlias www.staging.foo.com

    # Turn on HTTP Strict Transport Security (HSTS). This tells the
    # client that it should only communicate with this site using
    # HTTPS. See
    # https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html
    # NOTE(review): max-age is one year and includeSubdomains extends the
    # policy to every host below staging.foo.com, so each of those hosts
    # has to present a certificate that is valid for its own name.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"

    # The following is used to tunnel websocket requests to daphne, so
    # that Django Channels can do its thing
    # NOTE(review): TLS ends at Apache; the hop to the backend is plain
    # ws:// on localhost.
    ProxyPass "/ws/" "ws://localhost:8001/ws/"
    ProxyPassReverse "/ws/" "ws://localhost:8001/ws/"

    # The following is used during deployment. Every page request is
    # served from one static html file.
    RewriteEngine       on
    RewriteCond         /home/www-mm/staging.foo.com/apache/in_maintenance -f
    RewriteRule .*      /home/www-mm/staging.foo.com/static/maintenance/maintenance.html

    # Use Apache to serve protected (non-static) files. This is so that
    # Apache can deal with ranges
    XSendFile on
    XSendFilePath /home/www-mm/staging.foo.com/user_assets

    # Limit uploads - 200MB
    LimitRequestBody 209715200

    Alias /static/ /home/www-mm/staging.foo.com/serve_static/
    Alias /robots.txt /home/www-mm/staging.foo.com/apache/serve-at-root/robots.txt

    <Directory /home/www-mm/staging.foo.com/serve_static>
        AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json
        # NOTE(review): "Order" is the 2.2-style (mod_access_compat)
        # syntax and "Require" the 2.4-style one. The same mix appears in
        # the <Files django.wsgi> section below; on 2.4 the Require line
        # is presumably sufficient on its own - confirm before removing.
        Order deny,allow
        Require all granted
    </Directory>

    # Videos uploaded via staff to home page should never cache,
    # because they can change at any time (and we don't know if the
    # URLs will change or not). Etags are used and only headers are
    # sent if the files in question aren't modified (we get a 304
    # back)
    <Directory /home/www-mm/staging.foo.com/serve_static/video>
        ExpiresActive On
        # Expire immediately
        ExpiresDefault A0
    </Directory>

    # The following ensures that the maintenance page is never cached.
    <Directory /home/www-mm/staging.foo.com/static/maintenance>
        ExpiresActive On
        # Expire immediately
        ExpiresDefault A0
        Require all granted
    </Directory>

    # Hide uncompressed code from prying eyes. Python needs access to this code for the css compressor
    <Directory /home/www-mm/staging.foo.com/serve_static/js/muso>
        <Files ~ "\.js$">
            # NOTE(review): 2.2-style syntax; the 2.4 spelling of this
            # rule is "Require all denied".
            Deny from all
        </Files>
        # Order deny,allow
        # Deny from all
    </Directory>

    # Hide uncompressed code from prying eyes. Python needs access to this code for the css compressor
    <DirectoryMatch "/home/www-mm/staging.foo.com/serve_static/js/dist/.*/muso">
        Order deny,allow
        Deny from all
    </DirectoryMatch>

    <Directory /home/www-mm/staging.foo.com/apache>
        <Files django.wsgi>
            Order deny,allow
            Require all granted
        </Files>
    </Directory>

    WSGIScriptAlias / /home/www-mm/staging.foo.com/apache/django.wsgi
    WSGIDaemonProcess staging.foo.com user=www-mm group=www-mm
    WSGIProcessGroup staging.foo.com

    ErrorLog /var/log/apache2/staging.foo.com-error.log
    CustomLog /var/log/apache2/staging.foo.com-access.log combined

    # Certificate chain and private key for this vhost. The Include pulls
    # in further TLS settings from a file that is not shown here.
    SSLCertificateFile /etc/letsencrypt/live/staging.foo.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/staging.foo.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

The SSL sections were added by certbot, the LetsEncrypt CLI tool.

I should add that accessing each of these subdomains in a modern browser (such as Chrome) is fine.

yassam
  • 1
    You need to tell let's encrypt that not your applet! You need to add a `-d` parameter for **each and every** DNS name that your server can be accessed by. – Boris the Spider Sep 29 '16 at 06:21
  • P.S. applet? Get rid of it... – Boris the Spider Sep 29 '16 at 06:21
  • What version of Apache are you using? Is developer.foo.com the first virtual host in your Apache config? If your site is public, check it against SSL Labs to see if you see any SNI alerts. – Anand Bhat Sep 29 '16 at 06:45
  • @BoristheSpider - can you elaborate please? Are you saying I use a single certificate for all foo.bar and all its subdomains, using -d to specify them all? Getting rid of the applet is not an option right now. – yassam Sep 29 '16 at 22:28
  • @AnandBhat it's apache 2.4.x and yes, developer.foo.bar is the first SSL-enabled virtual host (alphabetically). SSL labs gives it an A+ rating. – yassam Sep 29 '16 at 23:03
  • Either that, or you need to configure your VHosts correctly with SNI. Currently I try and access `foo.com` and you give me the certificate for `developer.foo.com` which isn't correct. – Boris the Spider Sep 30 '16 at 08:12
  • Another possibility is that you have using Java 6 or lower (please say you're not). Java 7 was the first version with SNI support. If the client does not support SNI, then the server has no way of knowing which VHost the client wants as you have a chicken and egg problem - the information about the domain is encrypted, but in order to decrypt it the server must send its certificate; but in order to know which certificate to send it needs to know the domain... – Boris the Spider Sep 30 '16 at 08:22
  • Also; Applet? eeew (you realise they're removing applets from Java 9, right?) – Boris the Spider Sep 30 '16 at 08:22
  • Consider adding your Apache virtual hosting configs for staging.foo.com and developer.foo.com to the question. This most likely is an issue related to SNI and considering you are using Java 1.8.0_102 which is SNI aware, I'd suspect the Apache config. – Anand Bhat Sep 30 '16 at 14:06
  • @BoristheSpider - I don't know if I've set up SNI correctly, but when I access foo.com, staging.foo.com and developer.foo.com using Chrome, it all works fine. It doesn't appear as though accessing staging get the developer SSL cert when using Chrome. I do plan to plan to rewrite the applet in pure JS, but that will take a long time, and I need the applet to work this week. The applet is running on Java 8 (1.8.0_102) – yassam Oct 02 '16 at 21:45
  • @AnandBhat - I've added the Apache config for staging.foo.com. The developer config is identical, save that it uses its own cert file – yassam Oct 02 '16 at 21:46
  • I also tried turning SSLStrictSNIVHostCheck on (this is in the global apache config section) and it made no difference. The error log didn't show an error when I ran the applet. – yassam Oct 02 '16 at 21:49
  • @yassam did you fix this problem – orange14 May 18 '17 at 15:42
  • Does this answer your question? [Certificate for doesn't match any of the subject alternative names](https://stackoverflow.com/questions/50928061/certificate-for-localhost-doesnt-match-any-of-the-subject-alternative-names) – Hakan54 Aug 06 '23 at 14:49

10 Answers10

39

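If you use HttpClient 4.4, then you need to specify a hostname verifier (NoopHostnameVerifier) so that certificates issued for a different host name are accepted. NoopHostnameVerifier skips the host name check entirely, so any certificate that the SSLContext trusts is then accepted for any host: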

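// Socket factory for HttpClient 4.4+: trust comes from the default trust store
// (null) extended by TrustSelfSignedStrategy.
// NOTE(review): NoopHostnameVerifier.INSTANCE switches hostname verification off,
// so a certificate issued for developer.foo.com is accepted when connecting to
// staging.foo.com - and so is any other trusted certificate for any other name.
// That hides a name mismatch instead of fixing it; if the mismatch comes from the
// server's virtual-host/SNI setup or from the certificate's SAN list, correcting
// it there keeps the check in place.
SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
        SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
        NoopHostnameVerifier.INSTANCE);
httpclient = HttpClients.custom().setSSLSocketFactory(scsf).build();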
Yurii
  • 1
    This is nasty, bypass hostname check. – Awan Biru Oct 07 '21 at 03:25
  • @AwanBiru How so? I'm not entirely sure I understand this answer either. – Clockwork Jul 08 '22 at 10:36
  • 5
    @Clockwork I believe by opting for NoopHostnameVerifier, it will turn off the hostname check with the certificate's CN or SAN. Hence the authenticity of the certificate and host might be compromised. IMHO, better not to do this workaround, unless we are pretty sure the host, certificate, and infrastructure are 100% under our own control. The better technique is to do CSR and cert generation with proper names. – Awan Biru Jul 12 '22 at 04:16
8

Following Yurii's comment, adding NoopHostnameVerifier.INSTANCE while initialising SSLConnectionSocketFactory solved my problem:

import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;

import java.net.Proxy;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;

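/**
 * Provides basic utilities for building HTTP headers and making REST API calls.
 *
 * <p>NOTE(review): every client created by {@link #getRestTemplate(String, int)} uses
 * {@code NoopHostnameVerifier}, so the host name in the URL is never compared with the
 * names in the server certificate, and {@code TrustSelfSignedStrategy}, which extends the
 * default trust store. Together these mean a connection through this class does not
 * authenticate the server by name. Keep that in mind before sending credentials or other
 * sensitive data through it; restoring the default verifier is the fix once the
 * certificate/host-name mismatch itself has been corrected.
 */
@Component
public class HttpUtil {

    private static final Logger LOG = LoggerFactory.getLogger(HttpUtil.class);

    /**
     * Builds the default request headers: JSON content type, UTF-8 accept-charset, the
     * given user agent and, when supplied, an explicit Host header.
     *
     * @param userAgent value for the User-Agent header
     * @param host value for the Host header; the header is left out when this is null
     * @return the populated headers
     */
    public HttpHeaders getHttpHeaders(String userAgent, String host) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);
        headers.set(HttpHeaders.ACCEPT_CHARSET, StandardCharsets.UTF_8.name());
        headers.set(HttpHeaders.USER_AGENT, userAgent);
        LOG.info("host={}", host);
        if (host != null) {
            headers.set(HttpHeaders.HOST, host);
        }
        return headers;
    }

    /**
     * Builds a RestTemplate backed by an Apache HttpClient, optionally routed through an
     * HTTP proxy.
     *
     * <p>The client is now built exactly once. The original built a client, and when a
     * proxy was configured built a second one and dropped the first without closing it.
     *
     * @param proxyHost proxy host name, or null for a direct connection
     * @param proxyPort proxy port; a proxy is used only when this is greater than zero
     * @return a RestTemplate using the configured client
     * @throws KeyStoreException if the trust material cannot be loaded
     * @throws NoSuchAlgorithmException if the SSL context cannot be created
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    public RestTemplate getRestTemplate(String proxyHost, int proxyPort)
            throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {

        // Passing null keeps the default trust store; the strategy is applied in addition.
        TrustStrategy acceptingTrustStrategy = new TrustSelfSignedStrategy();
        SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
                .loadTrustMaterial(null, acceptingTrustStrategy)
                .build();

        // NOTE(review): NoopHostnameVerifier disables the host-name check for all
        // connections made through this factory (see the class comment).
        SSLConnectionSocketFactory csf =
                new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

        HttpClientBuilder clientBuilder = HttpClients.custom().setSSLSocketFactory(csf);
        if (proxyHost != null && proxyPort > 0) {
            LOG.info("PROXY CONFIGURED | proxyHost={} | proxyPort={}", proxyHost, proxyPort);
            HttpHost proxy = new HttpHost(proxyHost, proxyPort, Proxy.Type.HTTP.name());
            clientBuilder.setRoutePlanner(new DefaultProxyRoutePlanner(proxy));
        }
        CloseableHttpClient httpClient = clientBuilder.build();

        HttpComponentsClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        return new RestTemplate(requestFactory);
    }

    /**
     * Makes a REST API call and returns the response body as a string entity.
     *
     * <p>A new RestTemplate, and with it a new HttpClient, is created on every call and is
     * not closed here.
     *
     * @param httpMethod HTTP method to use
     * @param URL target URL
     * @param userAgent value for the User-Agent header
     * @param proxyHost proxy host name, or null for a direct connection
     * @param proxyPort proxy port; a proxy is used only when this is greater than zero
     * @param host value for the Host header, or null to leave the header out
     * @return the response, or null when {@code httpMethod} or {@code URL} is null or
     *         when the TLS context could not be built
     * @throws HttpClientErrorException when the server answers with a 4xx status; the
     *         request and response details are logged before it is rethrown
     */
    public ResponseEntity<String> getApiResponse(HttpMethod httpMethod, final String URL, final String userAgent,
            String proxyHost, int proxyPort, String host) throws HttpClientErrorException {
        HttpEntity<String> httpEntity = new HttpEntity<>(getHttpHeaders(userAgent, host));
        if (httpMethod == null || URL == null) {
            return null;
        }
        try {
            RestTemplate request = getRestTemplate(proxyHost, proxyPort);
            return request.exchange(URL, httpMethod, httpEntity, String.class);
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            LOG.error("Error creating Rest Template", e);
            return null;
        } catch (HttpClientErrorException ex) {
            // NOTE(review): the response body is written to the error log as-is; confirm
            // that the called APIs never return data that must stay out of the logs.
            LOG.error("Method = {} | Request URL = {}", httpMethod, URL);
            LOG.error("Headers ={}", httpEntity.getHeaders());
            LOG.error("Response Status = {}", ex.getStatusText());
            LOG.error("Response Body = {}", ex.getResponseBodyAsString());
            throw ex;
        }
    }
}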
Sushant Verma
3

I don't know which version of the Apache HttpClient you were using but versions 4.4.1 and 4.5.1 had a bug where the SNI didn't work correctly. This was fixed in 4.5.3

https://issues.apache.org/jira/browse/HTTPCLIENT-1726

matt freake
  • 2
    there also seems to have been a regression between 4.5.10 and 4.5.11 which was fixed in 4.5.12, that had something to do with non-public hostnames https://issues.apache.org/jira/browse/HTTPCLIENT-2047 moreover, creating hostname verifier using the new DefaultHostnameVerifier() constructor (like in the above link) helped me identify my own problem - I was creating it using javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier() - which seems to cause the above exception with valid certificates – hello_earth Nov 30 '21 at 09:24
2

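You get this error when the host/domain name you connect to does not match the name in the certificate (the CN or, as in this error message, the subject alternative names). In this case we have to turn off hostname verification with the no-op verifier (NoopHostnameVerifier, available in httpclient versions greater than 4.3). With verification turned off, the client no longer checks which host the certificate was issued for.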

Sample Code :

// Key material and trust material are both read from the same JKS file.
// NOTE(review): the store and key passwords are literals in this sample; in a real
// project they would come from configuration or a secret store rather than source.
char[] storePassword = "123456".toCharArray();
char[] keyPassword = "123456".toCharArray();

SSLContextBuilder contextBuilder = SSLContextBuilder.create();
contextBuilder.loadKeyMaterial(ResourceUtils.getFile("file:" + "/path/myclient.jks"), storePassword, keyPassword);
contextBuilder.loadTrustMaterial(ResourceUtils.getFile("file:" + "/path/myclient.jks"), storePassword);
SSLContext sslContext = contextBuilder.build();

// NOTE(review): NoopHostnameVerifier removes the host-name check, so the client accepts
// any certificate the trust store vouches for, whatever host it was issued to.
CloseableHttpClient httpClient = HttpClients.custom()
        .setSSLContext(sslContext)
        .setSSLHostnameVerifier(new NoopHostnameVerifier())
        .build();

// Hand the customised client to the existing RestTemplate.
final ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
restTemplate.setRequestFactory(requestFactory);
Santosh Garole
1

This could help, if you are developing a react-native app, and this issue happens when you try to build your android app (that was my case, at least!)

This is a hack and not a solution, but if you just need it to work right now, this is how it goes. For me, the issue was this:

Execution failed for task ':expo-modules-core:downloadBoost'.
> A failure occurred while executing de.undercouch.gradle.tasks.download.internal.DefaultWorkerExecutorHelper$DefaultWorkAction
   > javax.net.ssl.SSLPeerUnverifiedException: Certificate for <jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com> doesn't match any of the subject alternative names: [*.s3.amazonaws.com, s3.amazonaws.com]

So, I went to the build.gradle file of the module expo-modules-core. (Note: not your root or app build.gradle file.)

Now, I found the downloadBoost task (since my log says the issue is with downloadBoost). For me, it looked something like this:

// Download task that fetches the Boost source archive into downloadsDir.
// The source URL depends on REACT_NATIVE_TARGET_VERSION: 69 and later use the
// boostorg.jfrog.io release, older versions the GitHub release.
// NOTE(review): nothing in this task checks the archive against a known checksum,
// so HTTPS is the only thing vouching for the downloaded file.
def downloadBoost = tasks.create('downloadBoost', Download) {
  dependsOn(createNativeDepsDirectories)
  def srcUrl = REACT_NATIVE_TARGET_VERSION >= 69
    ? "https://boostorg.jfrog.io/artifactory/main/release/${BOOST_VERSION.replace("_", ".")}/source/boost_${BOOST_VERSION}.tar.gz"
    : "https://github.com/react-native-community/boost-for-react-native/releases/download/v${BOOST_VERSION.replace("_", ".")}-0/boost_${BOOST_VERSION}.tar.gz"
  src(srcUrl)
  onlyIfNewer(true)
  overwrite(false)
  dest(new File(downloadsDir, "boost_${BOOST_VERSION}.tar.gz"))
}

I just added a hack so that it accepts any certificate. Add this line: acceptAnyCertificate true. So, the final block will look something like:

// Same Download task for the Boost source archive, with certificate checking relaxed.
def downloadBoost = tasks.create('downloadBoost', Download) {
  // NOTE(review): acceptAnyCertificate makes the task accept whatever certificate the
  // server presents, so the download is no longer tied to the host named in the URL.
  // The archive is compiled into the app, and nothing else in this task checks its
  // content; comparing it with a known checksum (the download plugin has a Verify task
  // for that) would restore an integrity check while the workaround is in place.
  acceptAnyCertificate true
  dependsOn(createNativeDepsDirectories)
  def srcUrl = REACT_NATIVE_TARGET_VERSION >= 69
    ? "https://boostorg.jfrog.io/artifactory/main/release/${BOOST_VERSION.replace("_", ".")}/source/boost_${BOOST_VERSION}.tar.gz"
    : "https://github.com/react-native-community/boost-for-react-native/releases/download/v${BOOST_VERSION.replace("_", ".")}-0/boost_${BOOST_VERSION}.tar.gz"
  src(srcUrl)
  onlyIfNewer(true)
  overwrite(false)
  dest(new File(downloadsDir, "boost_${BOOST_VERSION}.tar.gz"))
}

Well, that's it! Things worked for me. Hope it helps someone.

Note:

Every time you execute yarn install or npm install, the build.gradle file will reset itself, so you need to make the change again manually. I recommend creating a script for it.

0

If you are trying to access a URL through a client object, try setting the following in your code (it depends on how you access the URL; here we used a WebClient object to set the parameters below).
Create a WebClient object and set the following:
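// Create the client before configuring it. The original assigned null here, so the
// later webClient.getOptions() call would fail with a NullPointerException.
// (Presumably HtmlUnit's WebClient, going by getOptions().setUseInsecureSSL - confirm.)
WebClient webClient = new WebClient();
// NOTE(review): this property is JVM-wide, not per client. With SNI disabled the TLS
// handshake no longer names the requested host, so a server that holds several
// certificates on one address cannot tell which one to present.
System.setProperty("jsse.enableSNIExtension", "false");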

Set below depending upon your WebClient version.
// NOTE(review): setUseInsecureSSL(true) makes the client accept any server certificate,
// valid or not, so connections made through it do not authenticate the server.
webClient.getOptions().setUseInsecureSSL(true);

vikesh
0

This solved my two issues:

  1. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  2. javax.net.ssl.SSLException: Certificate for <staging.foo.com> doesn't match any of the subject alternative names: [developer.foo.com]

Solution:

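/**
 * Builds a RestTemplate backed by an Apache HttpClient with relaxed TLS checks.
 *
 * <p>The original also built a second SSLContext from an accept-every-chain
 * TrustStrategy but never passed it to the client. That unused code is removed here;
 * the TLS configuration the client actually gets is unchanged.
 *
 * @return a RestTemplate using the customised client, or a default RestTemplate when
 *         the client could not be built
 */
private RestTemplate getRestTemplate() {
    try {
        // NOTE(review): NoopHostnameVerifier switches the host-name check off and
        // TrustSelfSignedStrategy extends the default trust store (null), so a
        // connection through this client does not authenticate the server by name.
        SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
                SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
                NoopHostnameVerifier.INSTANCE);

        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(scsf)
                .build();

        HttpComponentsClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);

        return new RestTemplate(requestFactory);
    } catch (Exception exception) {
        // Best-effort fallback kept from the original: the failure is not reported, so
        // the caller cannot tell whether it received the customised or the default
        // RestTemplate.
        return new RestTemplate();
    }
}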
0

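Please note the cases where you expect the certificate's wildcard to match the host name, while it actually doesn't. A wildcard stands for exactly one DNS label, so *.t.n.c.com covers i.t.n.c.com but not g.i.t.n.c.com: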

<g.i.t.n.c.com> doesn't match any of the subject alternative names: [*.t.n.c.com]

javax.net.ssl.SSLPeerUnverifiedException: Certificate for <g.i.t.n.c.com> doesn't match any of the subject alternative names: [*.t.n.c.com]

Eljah
-1

I was getting the same error when I was using methods from org.apache.http.* for making my http requests. From your stack trace I assume that even you are using the same.

This error disappeared when I used java.net.HttpURLConnection and I was able to connect successfully.

import java.net.HttpURLConnection;

/**
 * Opens a GET connection to the given address with the JDK's own HTTP client.
 *
 * <p>No hostname verifier or trust settings are changed here, so for an https address
 * the JDK's default certificate and host-name checks stay in effect.
 *
 * @param uri address to connect to
 * @return the connection; null when the address could not be parsed or opened. If a
 *         later step fails, the connection object is still returned and the error is
 *         only printed, so callers cannot rely on it being connected.
 */
public static HttpURLConnection connectToWeb(String uri) {
    HttpURLConnection conn = null;
    try {
        conn = (HttpURLConnection) new URL(uri).openConnection();
        conn.setRequestMethod("GET");
        conn.connect();
    } catch (IOException failure) {
        // MalformedURLException is an IOException, so this one handler covers both of
        // the original catch clauses, which did the same thing.
        failure.printStackTrace();
    }
    return conn;
}
vig-go
-3
/**
 * SSL connection socket factory that creates its sockets through a SOCKS proxy.
 *
 * <p>NOTE(review): the constructor hands a NoopHostnameVerifier to the superclass, so no
 * connection made through this factory has the server certificate checked against the
 * requested host name.
 */
static class MyConnectionSocketFactory extends SSLConnectionSocketFactory {
    private final String proxyHost;
    private final Integer proxyPort;

    /**
     * @param sslContext SSL context used for the TLS layer
     * @param proxyHost host name of the SOCKS proxy
     * @param proxyPort port of the SOCKS proxy; unboxed when a socket is created, so it
     *        must not be null at that point
     */
    public MyConnectionSocketFactory(final SSLContext sslContext, String proxyHost, Integer proxyPort) {
        super(sslContext, new NoopHostnameVerifier());
        this.proxyHost = proxyHost;
        this.proxyPort = proxyPort;
    }

    /** Returns an unconnected socket that will connect through the SOCKS proxy. */
    @Override
    public Socket createSocket(final HttpContext context) throws IOException {
        logger.debug("Create Socket:" + " ProxyHost: " + proxyHost + ", ProxyPort: " + proxyPort);
        return new Socket(new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(proxyHost, proxyPort)));
    }
}


   else if (proxyType.equalsIgnoreCase("socks")) {
        logger.debug("Proxy Type: " + proxyType);
        TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                return true;
            }
        };

        SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
                .loadTrustMaterial(null, acceptingTrustStrategy)
                .build();
        SSLConnectionSocketFactory csf = new MyConnectionSocketFactory(sslContext, proxyHost, proxyPort);
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(csf)
                .build();
        HttpComponentsClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        restTemplate = new RestTemplate(requestFactory);
        return;
    } else {