I tried to accept my certificate to test my REST API. For that, I tried:

SSLContext sslcontext = SSLContexts
        .custom()
        .loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
                new TrustSelfSignedStrategy()).build();

SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
        sslcontext, new String[] { "TLSv1" }, null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());

CloseableHttpClient closeableHttpClient = HttpClients.custom()
        .setSSLSocketFactory(sslsf)
        .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
try {
    HttpPost postRequest = new HttpPost(BASE_URL);

    CloseableHttpResponse response = closeableHttpClient
            .execute(postRequest);
    // try {
    HttpEntity entity = response.getEntity();

    EntityUtils.consume(entity);
    // } finally {
    // response.close();
    // }
} finally {
    closeableHttpClient.close();
}

The error happens when I do closeableHttpClient.execute(postRequest);

The variables are:

private static final String KEYSTORE_PATH = System.getProperty("java.home")
        + "/lib/security/cacerts".replace('/', File.separatorChar);
private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();
private static final String BASE_URL = "http://localhost:9010/api";

Note: I do not have a domain name, I'm on localhost. If I understood the error well, it's my SSLConnectionSocketFactory closed too early. But I don't know how and why.

EDIT: I'm using HTTPClient. If I update the port HTTP to HTTPS, I receive another error: javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer

Bob

1 Answer

I found the solution here: "javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer". My code is now:

SSLContext sslcontext = SSLContexts
        .custom()
        .loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
                new TrustSelfSignedStrategy()).build();

SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
        sslcontext, NoopHostnameVerifier.INSTANCE);

final Registry<ConnectionSocketFactory> registry = RegistryBuilder
        .<ConnectionSocketFactory> create()
        .register("http", new PlainConnectionSocketFactory())
        .register("https", sslsf).build();

final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(
        registry);
cm.setMaxTotal(100);

It's working but I'm still working on it (understand and find if I can do something else/better)! Thanks

Bob
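
A stricter variant of the client in the answer above, as an added example that is not part of the original post: it trusts only the certificates in a dedicated truststore and keeps hostname verification enabled instead of using NoopHostnameVerifier. The class name, truststore file, password, HTTPS URL and protocol version are assumptions, as is a test server certificate that was issued for `localhost` and imported into that truststore.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class StrictLocalhostClient {
    // Assumed values: a truststore that holds only the test server's certificate.
    private static final File TRUSTSTORE = new File("client-truststore.jks");
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();
    private static final String BASE_URL = "https://localhost:9010/api";

    static CloseableHttpClient buildClient() throws GeneralSecurityException, IOException {
        // No TrustSelfSignedStrategy: that strategy accepts any chain consisting of a
        // single certificate, so here only the truststore contents are trusted.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(TRUSTSTORE, TRUSTSTORE_PASSWORD)
                .build();
        // Default verifier instead of NoopHostnameVerifier: the certificate must
        // name the host being contacted (here "localhost").
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext, new String[] { "TLSv1.2" }, null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    public static void main(String[] args) throws Exception {
        // try-with-resources closes the response before the client.
        try (CloseableHttpClient client = buildClient();
             CloseableHttpResponse response = client.execute(new HttpPost(BASE_URL))) {
            System.out.println(response.getStatusLine());
            EntityUtils.consume(response.getEntity());
        }
    }
}
```

With this configuration the SSLPeerUnverifiedException from the question reappears whenever the server certificate does not name `localhost`, which is the check the Noop verifier switches off.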