Accept server’s self-signed ssl certificate in Java client

by

You have basically two options here: add the self-signed certificate to your JVM truststore or configure your client to

Option 1

Export the certificate from your browser and import it in your JVM truststore (to establish a chain of trust):

<JAVA_HOME>\bin\keytool -import -v -trustcacerts
-alias server-alias -file server.cer
-keystore cacerts.jks -keypass changeit
-storepass changeit

Option 2

Disable Certificate Validation:

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { 
    new X509TrustManager() {     
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
            return new X509Certificate[0];
        } 
        public void checkClientTrusted( 
            java.security.cert.X509Certificate[] certs, String authType) {
            } 
        public void checkServerTrusted( 
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    } 
}; 

// Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL"); 
    sc.init(null, trustAllCerts, new java.security.SecureRandom()); 
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
} 
// Now you can access an https URL without having the certificate in the truststore
try { 
    URL url = new URL("https://hostname/index.html"); 
} catch (MalformedURLException e) {
}

Note that I do not recommend the Option #2 at all. Disabling the trust manager defeats some parts of SSL and makes you vulnerable to man in the middle attacks. Prefer Option #1 or, even better, have the server use a “real” certificate signed by a well known CA.

More Related Contents:

  1. Trusting all certificates using HttpClient over HTTPS
  2. Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
  3. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  4. Java HTTPS client certificate authentication
  5. Unable to find valid certification path to requested target – error even after cert imported
  6. why doesn’t java send the client certificate during SSL handshake?
  7. Trust Store vs Key Store – creating with keytool
  8. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  9. How to handle invalid SSL certificates with Apache HttpClient? [duplicate]
  10. Importing the private-key/public-certificate pair in the Java KeyStore [duplicate]
  11. Simple Java HTTPS server
  12. SSLHandshakeException: No subject alternative names present
  13. HttpGet with HTTPS : SSLPeerUnverifiedException
  14. How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
  15. Problems connecting via HTTPS/SSL through own Java client
  16. Java and HTTPS url connection without downloading certificate
  17. Whats an easy way to totally ignore ssl with java url connections?
  18. How to do an HTTPS POST from Android?
  19. Enabling specific SSL protocols with Android WebViewClient
  20. Generate certificates, public and private keys with Java [closed]
  21. How can I know if the request to the servlet was executed using HTTP or HTTPS?
  22. Java SSLException: hostname in certificate didn’t match
  23. javax.net.ssl.SSLException: SSL handshake aborted Connection reset by peer while calling webservice Android
  24. Android SSL HttpGet (No peer certificate) error OR (Connection closed by peer) error
  25. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  26. How to use TLS 1.2 in Java 6
  27. JavaMail IMAP over SSL quite slow – Bulk fetching multiple messages
  28. Properly closing SSLSocket
  29. Maven: resource binary changes file size after build
  30. Ignore self-signed ssl cert using Jersey Client [duplicate]

Leave a Comment