Allowing Java to use an untrusted certificate for SSL/HTTPS connection

by

Here is some relevant code:

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

// Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}

// Now you can access an https URL without having the certificate in the truststore
try {
    URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {
}

This will completely disable SSL checking—just don’t learn exception handling from such code!

To do what you want, you would have to implement a check in your TrustManager that prompts the user.

More Related Contents:

  1. Secure HTTP Post in Android
  2. How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
  3. Why is char[] preferred over String for passwords?
  4. Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
  5. Accept server’s self-signed ssl certificate in Java client
  6. How to retrieve a file from a server via SFTP?
  7. Encrypt Password in Configuration Files? [closed]
  8. How to deal with a slow SecureRandom generator?
  9. How do I access private methods and private data members via reflection?
  10. How do I create a Java sandbox?
  11. Keystore type: which one to use?
  12. how to Capture https with fiddler, in java
  13. Problems connecting via HTTPS/SSL through own Java client
  14. What is the security risk of object reflection?
  15. How to do an HTTPS POST from Android?
  16. Unit testing with Spring Security
  17. How to properly logout of a Java EE 6 Web Application after logging in
  18. Java and SSL – java.security.NoSuchAlgorithmException
  19. Disable Java reflection for the current thread
  20. How do you configure HttpOnly cookies in tomcat / java webapps?
  21. How to apply Spring Security filter only on secured endpoints?
  22. Prevent XXE Attack with JAXB
  23. Application vulnerability due to Non Random Hash Functions
  24. Simplest way to encrypt a text file in java
  25. How can I know if the request to the servlet was executed using HTTP or HTTPS?
  26. Unable to tunnel through proxy. Proxy returns “HTTP/1.1 407” via https
  27. How to hash a password with SHA-512 in Java?
  28. Using Apache httpclient for https
  29. How to obtain the location of cacerts of the default java installation?
  30. What is the best practice for securely storing passwords in Java

Leave a Comment