PoolingHttpClientConnectionManager: How to do Https requests?

java ssl apache-httpcomponents truststore
TorbenJ picture TorbenJ · Dec 11, 2013 · Viewed 27.6k times · Source

I'm currently trying to do multiple HttpGet requests at the same time with CloseableHttpClient.
I googled on how to do that and the answer was to use a PoolingHttpClientConnectionManager.

At this point I got this:

PoolingHttpClientConnectionManager cManager = new PoolingHttpClientConnectionManager();
CloseableHttpClient httpClient = HttpClients.custom()
    .setConnectionManager(cManager)
    .build();

Then I tried a HttpGet request to http://www.google.com and everything worked fine.

Then I created a truststore via cmd and imported the certificate of the targeted website, setup a SSLConnectionSocketFactory with my truststore and set the SSLSocketFactory of httpClient:

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream inputStream = new FileInputStream(new File("myTrustStore.truststore"));
trustStore.load(inputStream, "nopassword".toCharArray());
inputStream.close();

SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
    SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

PoolingHttpClientConnectionManager cManager = new PoolingHttpClientConnectionManager();
CloseableHttpClient httpClient = HttpClients.custom()
    .setSSLSocketFactory(sslsf)
    .setConnectionManager(cManager)
    .build();

If I try to execute a Https HttpGet then I get a PKIX path building failed exception.
If I do the same without .setConnectionManager(cManager) everything works fine.

Can anyone of you tell me how I can get this to work? (Don't worry, I don't create any ddos tool)

Thanks in advance!

P.S.: I'm using HttpComponents 4.3.1

Answer

TorbenJ picture TorbenJ · Dec 11, 2013

Found the answer: https://stackoverflow.com/a/19950935/1223253

Just had to add

Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create().register("https", sslsf).build();

and pass socketFactoryRegistry as parameter to the constructor of PoolingHttpClientConnectionManager. Now it works just fine :)

Related questions

Ignoring SSL certificate in Apache HttpClient 4.3

How to ignore SSL certificate (trust all) for Apache HttpClient 4.3? All the answers that I have found on SO treat previous versions, and the API changed. Related: How to ignore SSL certificate errors in Apache HttpClient 4.0 How to handle invalid …

Read More
Unsupported record version SSLv2Hello using CloseableHttpClient

I am trying to make an https call and getting the following error: Unsupported record version SSLv2Hello Can anyone please shed some light on what I'm doing wrong? Thanks for your help. Here is the StackTrace: debug: Unsupported record …

Read More
Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

Edit :- Tried to format the question and accepted answer in more presentable way at mine Blog Here is the original issue. I am getting this error: detailed message sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.…

Read More