0

I have created a JAVA Application and have deployed it on Tomcat7 in an Ubuntu 16.04 System. The application hits a request on an https:// but returns the following error:

java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

I have tried installing the certificate in the JRE used by the system:

tomcat7 3388 1 0 11:07 ? 00:00:11 /usr/lib/jvm/default-java/bin/java

But i still get the same error.

I have also installed the certificate in the cacerts.jks keystore and have tried using java 

-Djavax.net.ssl.keyStore=/usr/lib/jvm/default-java/jre/lib/security/cacerts.jks -Djavax.net.ssl.keyStorePassword=changeit

But I am still getting the error:

java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    in.pwc.FormHandler.doPost(FormHandler.java:184)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
root cause

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
    org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:131)
    org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:648)
    org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:623)
    org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:115)
    org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
    org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:360)
    org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:177)
    org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:77)
    org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:95)
    org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    in.pwc.test.decrypt(test.java:62)
    org.apache.jsp.viewAdmin_jsp._jspService(viewAdmin_jsp.java:193)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    in.pwc.FormHandler.doPost(FormHandler.java:184)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

I am assuming that my java and tomcat are using some other certificate store but I am unable to find the same.

How can I go about solving this error?

Update: I do not need my application to be https or using SSL the request its makes is an HTTPS request which has to be a verified one as a requirement of the appliance.

Aman
  • 85
  • 9

1 Answers1

0

As shown in this answer from another post:

If the server's certificate is self-signed, then this is working as designed and you will have to import the server's certificate into your keystore.

Assuming the server certificate is signed by a well-known CA, this is happening because the set of CA certificates available to a modern browser is much larger than the limited set that is shipped with the JDK/JRE.

You must import the proper Root CA into your keystore to validate the certificate. There's a reason you can't get around this with the stock SSL code, and that's to prevent you from writing programs that behave as if they are secure but are not.

This will solve your issue, but if you want only a local solution (that is not useful on production), you can find some options on this post.

Hope it helps you.

Community
  • 1
  • 1
yamilelias
  • 305
  • 2
  • 16
  • How do I identify what keystore my java application/tomcat 7 is using? In eclipse I can simply specify it in the JVM parameters. How do I do the same in a linux system? – Aman Nov 16 '16 at 07:02
  • Your keystore will be in your `JAVA_HOME > JRE> lib > security > cacerts`. You need to check where your JAVA_HOME is configured. Also, you can find more information in [Oracle Documentation](http://docs.oracle.com/javase/1.5.0/docs/tooldocs/windows/keytool.html). – yamilelias Nov 16 '16 at 07:05