Mercurial > hg > Blog

view content/Java/commons-httpclient-vs-self-signed-certs.md @ 103:6aa2fa328a94

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
New blog post on sonar and maven
author Dirk Olmes <dirk.olmes@codedo.de>
date Tue, 12 May 2020 08:30:22 +0200
parents 1d9382b0329b
children
line wrap: on
line source

Title: Apache commons-httpclient vs. self signed certificates
Date: 2013-10-03
Tags: httpclient
Lang: en

Recently I tried to retrieve HTML pages from a host that was using self signed HTTPS certificates. I used the excellent [Apache commons httpclient](http://hc.apache.org/httpcomponents-client-4.2.x/index.html) for the job. Their [tutorial](http://hc.apache.org/httpcomponents-client-4.2.x/tutorial/html/) is quite extensive and even gives examples about some customizations that can be made in the context of SSL. But being a good open source documentation, the tutorial only tells you the tiny details of tweaking individual settings, leaving the big picture for you to figure out. 

So how does all the talk about socket factories and SSLContext and friends go together with your [HttpClient](http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/HttpClient.html)?

Let's assume you already have a HttpClient instance at hand:

	:::java
    HttpClient client = new DefaultHttpClient();

Now let's configure all the socket factories and stuff that's required to make HTTPS traffic with self signed certificates work:

	:::java
    TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
    X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    SchemeSocketFactory socketFactory = new SSLSocketFactory(trustStrategy, hostnameVerifier);

And now let's put it all together:

	:::java
    Scheme https = new Scheme("https", 443, socketFactory);
    SchemeRegistry registry = client.getConnectionManager().getSchemeRegistry();
    registry.register(https);