# HG changeset patch # User Dirk Olmes # Date 1380768186 -7200 # Node ID ba3f2e5c695021b643154b6e1587ba893bf2a455 # Parent cf946b0154747619ded94c8ce6f132e6a4d303f2 add a blog post on commons-httpclient diff -r cf946b015474 -r ba3f2e5c6950 content/Java/commons-httpclient-vs-self-signed-certs.md --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/content/Java/commons-httpclient-vs-self-signed-certs.md Thu Oct 03 04:43:06 2013 +0200 @@ -0,0 +1,24 @@ +Title: Apache commons-httpclient vs. self signed certificates +Date: 2013-10-03 +Tags: httpclient +Lang: en + +Recently I tried to retrieve HTML pages from a host that was using self signed HTTPS certificates. I used the excellent [Apache commons httpclient](http://hc.apache.org/httpcomponents-client-4.2.x/index.html) for the job. Their [tutorial](http://hc.apache.org/httpcomponents-client-4.2.x/tutorial/html/) is quite extensive and even gives examples about some customizations that can be made in the context of SSL. But being a good open source documentation, the tutorial only tells you the tiny details of tweaking individual settings, leaving the big picture for you to figure out. + +So how does all the talk about socket factories and SSLContext and friends go together with your [HttpClient](http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/HttpClient.html)? + +Let's assume you already have a HttpClient instance at hand: + + HttpClient client = new DefaultHttpClient(); + +Now let's configure all the socket factories and stuff that's required to make HTTPS traffic with self signed certificates work: + + TrustStrategy trustStrategy = new TrustSelfSignedStrategy(); + X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; + SchemeSocketFactory socketFactory = new SSLSocketFactory(trustStrategy, hostnameVerifier); + +And now let's put it all together: + + Scheme https = new Scheme("https", 443, socketFactory); + SchemeRegistry registry = client.getConnectionManager().getSchemeRegistry(); + registry.register(https);