Geek Answers Handbook

Make a connection to the HTTPS server with Java and ignore the validity of the security certificate

I tested a system that accesses a group of https servers with different keys, some of which are invalid, and all of them are not in the local keystore for my JVM. I really check things out, so at this point I don't care about security. Is there a way to make POST calls to the server and tell Java not to worry about security certificates?

My search queries on Google brought code examples that make a validation class that always works, but I can't connect it to any of the servers.

+5
source share
2 answers

According to the comments:

With examples in Googled, you mean, among others, this

Update : the link has broken, so here is an excerpt from the relevance that I saved from the online archive :

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

// Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {

}

// Now you can access an https URL without having the certificate in the truststore
try {
    URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {

}
+4
source

You need to create an X509TrustManager that bypasses all security checks. You can find an example in my answer to this question,

How to ignore SSL certificate errors in Apache HttpClient 4.0

0
source

More articles:


All Articles