SSL error "Peer not Authenticated" with HttpClient 4 - works in some cases, but not in others

I have a wildcard for *.mydomain.com (names have been changed to protect the innocent ... this is NOT a real domain :))

When using a correctly implemented Java HttpClient 4 client (the problem does not occur in FF), service calls made over HTTPS to api.mydomain.com are successful, whereas the same service calls made to the non-production subdomains of mydomain.com (developer.mydomain.com, api-beta.mydomain.com, api-uat.mydomain.com) generate this exception using the test harness code below:

    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
        at com.mydomain.httpclientexample.HttpClientTestv2.main(HttpClientTestv2.java:54)

While the SSL certificate on developer.mydomain.com, api-beta.mydomain.com and api-uat.mydomain.com seems to be the same WC certificate as on api.mydomain.com, the exception is not observed on api.mydomain.com, but it does occur on the other subdomains. The code runs on api-na.mydomain.com and should work on non-production subdomains.

Any ideas?

Client code. As you can see, I can easily change the ADDRESS_VALIDATION_SERVICE_URI that I want to call. api.mydomain.com works without SSLPeerUnverifiedException; the other three URIs throw an exception ...

    package com.mydomain.httpclientexample;

    import java.io.IOException;
    import java.io.UnsupportedEncodingException;

    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.ClientProtocolException;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.entity.StringEntity;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.util.EntityUtils;

    public class HttpClientTestv2 {

        //public final static String ADDRESS_VALIDATION_SERVICE_URI = "https://developer.mydomain.com/v1.0/stores/MYSTORE/address/validate.xml";
        public final static String ADDRESS_VALIDATION_SERVICE_URI = "https://api-beta.mydomain.com/v1.0/stores/MYSTORE/address/validate.xml";
        //public final static String ADDRESS_VALIDATION_SERVICE_URI = "https://api-uat.mydomain.com/v1.0/stores/MYSTORE/address/validate.xml";
        //public final static String ADDRESS_VALIDATION_SERVICE_URI = "https://api.mydomain.com/v1.0/stores/MYSTORE/address/validate.xml";

        public final static String APIKEY_ATTRIBUTE_NAME = "apikey";
        public final static String APIKEY_ATTRIBUTE_VALUE = "2c90bc83e821364ffa557486c3e2a44e";

        /**
         * @param args
         */
        public static void main(String[] args) {

            DefaultHttpClient httpclient = new DefaultHttpClient();
            HttpPost httpPost = new HttpPost(ADDRESS_VALIDATION_SERVICE_URI);

            System.out.println("executing request " + httpPost.getRequestLine());

            // set a request header
            httpPost.setHeader(APIKEY_ATTRIBUTE_NAME, APIKEY_ATTRIBUTE_VALUE);

            // add the xml body
            StringEntity postBody = null;
            try {
                postBody = new StringEntity(getXMLDoc(), "UTF-8");
            } catch (UnsupportedEncodingException uee) {
                System.out.println("----------------------------------------");
                System.out.println("Exception Caught in UnsupportedEncodingException catch block");
                System.out.println("----------------------------------------");
                uee.printStackTrace();
            }
            httpPost.setEntity(postBody);

            HttpResponse response;
            try {
                // the TLS handshake happens here; this is the call that throws
                response = httpclient.execute(httpPost);
                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                if (entity != null) {
                    System.out.println("Response content length: " + entity.getContentLength());
                    System.out.println("Content:" + EntityUtils.toString(entity));
                    EntityUtils.consume(entity);
                    // entity.consumeContent();
                }
            } catch (ClientProtocolException e) {
                System.out.println("----------------------------------------");
                System.out.println("Exception Caught in ClientProtocolException catch block");
                System.out.println("----------------------------------------");
                e.printStackTrace();
            } catch (IOException e) {
                System.out.println("----------------------------------------");
                System.out.println("Exception Caught in IOException catch block");
                System.out.println("----------------------------------------");
                e.printStackTrace();
            }

            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }

        private static String getXMLDoc() {
            StringBuffer XMLDoc = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\"?><AddressValidationRequest xmlns=\"http://api.mydomain.com/schema/checkout/1.0\">")
                .append("<Header><MaxAddressSuggestions>5</MaxAddressSuggestions></Header>")
                .append("<Address><Line1>17243 S. Mill Ln</Line1><Line2/><City>Ocean View</City><MainDivision>DE</MainDivision><CountryCode>US</CountryCode><PostalCode>19970</PostalCode></Address>")
                .append("</AddressValidationRequest>");
            return XMLDoc.toString();
        }
    }
+4
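
Added example, not part of the original post: a JSSE-only check that runs the TLS handshake against each hostname from the question and reports either the certificate chain the server presented or the underlying handshake exception. The class name `TlsChainCheck` and port 443 are assumptions; the check validates against the JVM's default trust store and does not perform hostname verification.

```java
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added diagnostic (hypothetical class name): handshake with each host directly. */
public class TlsChainCheck {

    // Placeholder hostnames taken from the question; they are not real domains.
    static final String[] HOSTS = {
        "api.mydomain.com", "developer.mydomain.com",
        "api-beta.mydomain.com", "api-uat.mydomain.com"
    };

    /** Returns the chain the server presented, or the handshake error, as text. */
    static String check(String host, int port) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        StringBuilder out = new StringBuilder(host).append(": ");
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10000);
            // An explicit handshake throws the real failure (for example a
            // certificate path that cannot be built) at this line.
            socket.startHandshake();
            Certificate[] chain = socket.getSession().getPeerCertificates();
            out.append("handshake OK, ").append(chain.length).append(" certificate(s)\n");
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                // Compare subject, issuer and serial across hosts to confirm
                // they really serve the same certificate and intermediates.
                out.append("  subject=").append(x.getSubjectX500Principal().getName())
                   .append("\n  issuer =").append(x.getIssuerX500Principal().getName())
                   .append("\n  serial =").append(x.getSerialNumber().toString(16))
                   .append('\n');
            }
        } catch (SSLException e) {
            out.append("TLS failure: ").append(e).append('\n');
        } catch (IOException e) {
            out.append("I/O failure: ").append(e).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        for (String host : HOSTS) {
            System.out.print(check(host, 443));
        }
    }
}
```

A host whose chain fails validation reports the handshake exception directly here, because `startHandshake()` throws it, whereas `SSLSocket.getSession()` returns an invalid session and the failure only surfaces later as `peer not authenticated` from `getPeerCertificates()`, the frame at the top of the stack trace above.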

Source: https://habr.com/ru/post/1443467/
