Certificate chain different between HTTPSURLconnec

Published 2019-06-03 02:51

I am facing a weird issue w.r.t. the Apache HTTPS client. I am trying to connect to an external HTTPS website which has basic authentication turned on (SSL server authentication only). Here is the summary of my tests and conclusions.

  • Use either of Chrome/Firefox/IE to connect to the website -> success

  • Use javax.net.ssl.HttpsURLConnection -> success

  • Use either of DefaultHttpClient or SystemDefaultHttpClient -> failure

I tried to debug by enabling "javax.net.debug" to "ssl". I noticed that both the clients pick up the same trust store (default JDK trust store) and use the same protocol (TLSv1). However, the differences were here

I noticed that the following extension was returned by the JDK

Extension server_name, server_name: [host_name: websitehostname]

while the above extension was missing in the Apache web client debug log.

Also, one more difference I saw was in the certificate chain.

The below response from JDK native

* Certificate chain chain [0] = [ [ Version: V3 Subject: **CN=websitename, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)13, OU=GT17702541, SERIALNUMBER=Q2La1fpFlFdNy4kUCIehYlMvw6bq64Ch Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

while in apache client the following

chain [0] = [ [ Version: V3 Subject: EMAILADDRESS=root@i4319, CN=i4319, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=-- Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

and obviously I get the following exception with apache https client.

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Before I go back and redo my work to use the JDK native client, I would like to know what is happening. Any insight on this behaviour would be appreciated.

1 answer
淡お忘
Post #2 · 2019-06-03 03:12

After a lot of searching, it looks like this weird issue is because of the lack of SNI support in Apache Client. Here is the JIRA that discusses the problem and a possible solution:

https://issues.apache.org/jira/browse/HTTPCLIENT-1119

and a possible work around here

https://wiki.apache.org/HttpComponents/SNISupport
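To see the effect the question describes (the same server presenting a different leaf certificate depending on whether the server_name extension is sent), here is an added Java 8+ probe that is not part of the original post or of Apache HttpClient; it uses plain JSSE, and the class and method names are my own.

```java
import java.net.InetAddress;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Constructed example: opens a TLS connection to host:port with or without
 * the SNI extension and returns the subject DN of the leaf certificate the
 * server presented. A virtual-hosted server typically answers a ClientHello
 * without server_name with its default certificate, which is what the
 * Apache client in the question saw (CN=i4319 instead of the real site).
 */
public final class SniCheck {

    static String peerSubject(String host, int port, boolean sendSni) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Connecting by InetAddress rather than by name gives the socket no
        // hostname, so JSSE sends no server_name extension unless we add
        // one explicitly below.
        try (SSLSocket sock = (SSLSocket) factory.createSocket(InetAddress.getByName(host), port)) {
            SSLParameters params = sock.getSSLParameters();
            if (sendSni) {
                params.setServerNames(Collections.singletonList(new SNIHostName(host)));
            }
            sock.setSSLParameters(params);
            // Throws SSLHandshakeException if the presented chain is not
            // trusted by the default JDK trust store.
            sock.startHandshake();
            X509Certificate leaf = (X509Certificate) sock.getSession().getPeerCertificates()[0];
            return leaf.getSubjectX500Principal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        for (boolean sni : new boolean[] {true, false}) {
            try {
                System.out.printf("SNI %-5s -> %s%n", sni, peerSubject(host, 443, sni));
            } catch (Exception e) {
                System.out.printf("SNI %-5s -> handshake failed: %s%n", sni, e);
            }
        }
    }
}
```

Run it against the affected site: if the two subject DNs differ, or the no-SNI handshake fails, the server relies on SNI and any client that omits the extension will be handed the wrong certificate.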
