How to call SOAP web service use httpclient with SSL

Question

Please HELP NOW, I want to call a api via SOAP and use httpclient 4.5.5

My Code

static String callApi(String url, String requestXml)
{
    String responseXml = "";        
    CloseableHttpClient httpClient = null;
    HttpPost httpPost;
    try
    {
        httpClient = HttpClients.createDefault();
        httpPost = new HttpPost(url);

        httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
        httpPost.setHeader("x-ibm-client-id", Config.csp.validKey);

        StringEntity entiry = new StringEntity(requestXml, "UTF-8");

        httpPost.setEntity(entiry);

        HttpResponse response = httpClient.execute(httpPost);

        HttpEntity entity = response.getEntity();
        responseXml = EntityUtils.toString(entity, "UTF-8");

    }
    catch (Exception ex)
    {
        log.error("", ex);
    }
    finally
    {
        try
        {
            if (httpClient != null)
                httpClient.close();
        }
        catch (Exception ex)
        {
            log.error("", ex);
        }
    }
    return responseXml;
}

And when i debug then show error

javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.xx.xx.xx> doesn't match any of the subject alternative names: [*.domain.vn, domain.vn] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.5.jar:4.5.5]

Please help. thank so much

Answer 1

You're not showing how you call callApi() but I'm guessing you're addressing your host with a 10.xx.xx.xx IP address instead of one of the names contained in its certificate.

You can't do this when host name verification is in force.

Preferably you should change to addressing it by its certificate common name or one of the Subject Alternative Names (SAN). However, if you can't do that, and since the 10.* IP address range is a private network you are probably safe to switch off host name verification for this server-to-server call.

Instead of this...

httpClient = HttpClients.createDefault();

Do this...

httpClient = HttpClients
               .custom()
               .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
               .build();

The syntax may be slightly different depending on the version of Apache HttpClient that you are using.

THIS DISABLES A SECURITY CONTROL. DON'T DO THIS WHEN CALLING HOSTS ON NETWORKS YOU DO NOT CONTROL.