OkHttp HTTPS vs. xUtils: which is better?

java - OkHttp javax.net.ssl.SSLPeerUnverifiedException: not verified - Stack Overflow
I've been trying for days to get this working. I'm trying to connect to my server over https with a self signed certificate. I don't think there are any pages or examples that I haven't read by now.
What I have done:
Created bks keystore by following this tutorial:
It uses openssl s_client -:443 to get the certificate from the server. Then creates a bks keystore using bouncy castle.
Reading the created keystore from the raw folder, adding it to sslfactory and then to OkHttpClient. Like this:
public ApiService() {
    mClient = new OkHttpClient();
    mClient.setConnectTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    mClient.setReadTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    mClient.setCache(getCache());
    mClient.setCertificatePinner(getPinnedCerts());
    mClient.setSslSocketFactory(getSSL());
}

protected SSLSocketFactory getSSL() {
    try {
        // Load the BKS truststore bundled in res/raw
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream in = Beadict.getAppContext().getResources().openRawResource(R.raw.mytruststore);
        trusted.load(in, "pwd".toCharArray());
        // Build an SSLContext whose trust managers use only that truststore
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch(Exception e) {
        e.printStackTrace();
    }
    return null;
}

public CertificatePinner getPinnedCerts() {
    return new CertificatePinner.Builder()
        .add("", "sha1/theSha=")
        .build();
}
For some reason this always generates an SSLPeerUnverifiedException with or without the keystore. And with or without the CertificatePinner.
javax.net.ssl.SSLPeerUnverifiedException:
not verified: 0
W/System.err﹕ certificate: sha1/theSha=
W/System.err﹕ DN: 1.2.840..9.1=#fd,CN=,OU=development,O=domain,L=Valencia,ST=Valencia,C=ES
W/System.err﹕ subjectAltNames: []
W/System.err﹕ at com.squareup.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:124)
W/System.err﹕ at com.squareup.okhttp.Connection.connect(Connection.java:143)
W/System.err﹕ at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:185)
W/System.err﹕ at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
W/System.err﹕ at com.squareup.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341)
W/System.err﹕ at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
W/System.err﹕ at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
W/System.err﹕ at com.squareup.okhttp.Call.getResponse(Call.java:273)
W/System.err﹕ at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:230)
W/System.err﹕ at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:201)
W/System.err﹕ at com.squareup.okhttp.Call.execute(Call.java:81)
What am I doing wrong?
I had the same problem, however I needed my application to work on several staging environments, all of which had self signed certs.
To make matters worse, they could change those certs on the fly.
To fix this, when connecting to staging only, I added an SSLSocketFactory which trusted all certs.
This fixed the java error, however it left me with the okhttp exception noted in this ticket.
To avoid this error, I needed to add one more customization to my okHttpClient.
This fixed the error for me.
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
        return true; // accepts any hostname, so hostname verification is off (staging only)
    }
});
I finally got this working with a mix of multiple answers.
First, the certificates were made wrongly, not sure how. But by creating them using the script in
made them work. What was needed was a server certificate and a key. Then the client needed another certificate.
To use the certificate in android I converted the .pem file to a .crt file like this:
openssl x509 -outform der -in client.pem -out client.crt
In android I added the certificate to my OkHttp client like the following:
public ApiService() {
    mClient = new OkHttpClient();
    mClient.setConnectTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    mClient.setReadTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    mClient.setCache(getCache());
    mClient.setSslSocketFactory(getSSL());
}

protected SSLSocketFactory getSSL() {
    try {
        // Load the DER certificate bundled in res/raw
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream cert = getAppContext().getResources().openRawResource(R.raw.client);
        Certificate ca = cf.generateCertificate(cert);
        cert.close();
        // creating a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);
        return new AdditionalKeyStore(keyStore);
    } catch(Exception e) {
        e.printStackTrace();
    }
    return null;
}
The last part with new AdditionalKeyStore() is taken from . Which adds a fallback keystore.
I hope this might help anyone else! This is the simplest way to get HTTPS working with a self-signed certificate that I have found. Other ways include having a BouncyCastle keystore which seems excessive to me.
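
The question's log shows subjectAltNames: [], and the answer above traces its fix to how the certificates were created. As an added example (not part of the original posts), this script creates two constructed self-signed certificates and uses openssl's own name checks to show which host name or IP address each one covers before it is bundled into the app. The names staging.example.test and 10.0.2.2 and the helpers make_cert and cert_covers are assumptions.

```shell
#!/bin/sh
# Added example: constructed names and throwaway keys, not from the original posts.

# make_cert DIR NAME CN [SAN]: write a self-signed DIR/NAME.pem plus DIR/NAME.key.
# SAN is an openssl subjectAltName value; without it the certificate has a CN only.
make_cert() {
    dir=$1; name=$2; cn=$3; san=${4:-}
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ -n "$san" ]; then
            printf 'x509_extensions = v3\n[v3]\nsubjectAltName = %s\n' "$san"
        fi
        printf '[dn]\nCN = %s\n' "$cn"
    } > "$dir/$name.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null
}

# cert_covers CERT host|ip VALUE: succeed only if openssl reports that CERT
# matches VALUE as a host name (-checkhost) or as an IP address (-checkip).
cert_covers() {
    case $2 in
        host) opt=-checkhost ;;
        ip)   opt=-checkip ;;
        *)    return 2 ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$3" | grep -q 'does match certificate'
}

WORK=$(mktemp -d)   # scratch directory for the constructed certificates
make_cert "$WORK" cn-only staging.example.test
make_cert "$WORK" san staging.example.test 'DNS:staging.example.test,IP:10.0.2.2'

for cert in cn-only san; do
    for check in 'host staging.example.test' 'ip 10.0.2.2'; do
        set -- $check
        if cert_covers "$WORK/$cert.pem" "$1" "$2"; then r=covered; else r='NOT covered'; fi
        echo "$cert.pem: $1 $2 $r"
    done
done

# DER copy for the app's res/raw folder, the same conversion the answer uses.
openssl x509 -outform der -in "$WORK/san.pem" -out "$WORK/san.crt"
```

This is a pre-flight check of the certificate's contents with openssl; the client's own hostname verifier still makes the final decision at connect time.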
Trying out OkHttp 2.0 - Qiita
At that point, a socket access occurred and android.os.NetworkOnMainThreadException was thrown.
Moving response.body().string() outside mainHandler.post(), as shown below, made the exception go away.
public void onResponse(final Response response) throws IOException {
    if (response.isSuccessful()) {
        // Read the body here, on the background thread, not inside the Runnable
        final String content = response.body().string();
        mainHandler.post(new Runnable() {
            public void run() {
                listener.onSuccess(response, content);
            }
        });
    } else {
        mainHandler.post(new Runnable() {
            public void run() {
                listener.onFailure(response, null);
            }
        });
    }
}
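@1 Request request = new Request.Builder().url(full_url).post(body).build();
@2 response.body().string()
@1 If the body in a POST request is null, an error is raised.
@2 For the returned result you cannot use toString(), only string()... this feels very odd.
When I first started using this framework I never knew what to use to hold the POST data (yes, I'm hopeless). Several methods mentioned online could not be found; in the end I found this one. If there is a better way, please recommend it.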
FormBody.Builder par = new FormBody.Builder();
par.add("page", "0");
par.add("chatKind", "1");
RequestBody body = par.build();
con.post(this, OkHttpCon.getWenOnlineDoctorList, body, mHandler);