Apache commons-httpclient vs. self signed certificates

03.10.2013 by Dirk Olmes

Recently I tried to retrieve HTML pages from a host that was using self signed HTTPS certificates. I used the excellent Apache commons httpclient for the job. Their tutorial is quite extensive and even gives examples about some customizations that can be made in the context of SSL. But being a good open source documentation, the tutorial only tells you the tiny details of tweaking individual settings, leaving the big picture for you to figure out.

So how does all the talk about socket factories and SSLContext and friends go together with your HttpClient?

Let’s assume you already have a HttpClient instance at hand:

HttpClient client = new DefaultHttpClient();

Now let’s configure all the socket factories and stuff that’s required to make HTTPS traffic with self signed certificates work:

TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SchemeSocketFactory socketFactory = new SSLSocketFactory(trustStrategy, hostnameVerifier);

And now let’s put it all together:

Scheme https = new Scheme("https", 443, socketFactory);
SchemeRegistry registry = client.getConnectionManager().getSchemeRegistry();


There are no comments yet.

Leave a comment
Your name: