Disable SSL certificate check in retrofit library

Question

I am using retrofit in android to connect with server.

public class ApiClient {     public static final String BASE_URL = "https://example.com/";     private static Retrofit retrofit = null;      public static Retrofit getClient() {         if (retrofit==null) {             retrofit = new Retrofit.Builder()                     .baseUrl(BASE_URL)                     .addConverterFactory(GsonConverterFactory.create())                     .build();         }         return retrofit;     } } 

This is my dev. server and I want to disable certificate check. How can I implement in this code?

ERROR: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Answer 1

Use this class to get unsafe Retrofit instance. I have included imports to avoid confusion.

import java.security.cert.CertificateException;  import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager;  import okhttp3.OkHttpClient; import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; import view.utils.AppConstants;  /**  * Created by Hitesh.Sahu on 11/23/2016.  */  public class NetworkHandler {      public static Retrofit getRetrofit() {          return new Retrofit.Builder()                 .baseUrl(AppConstants.BASE_URL)                 .addConverterFactory(GsonConverterFactory.create())                 .client(getUnsafeOkHttpClient())                 .build();     }       private static OkHttpClient getUnsafeOkHttpClient() {         try {             // Create a trust manager that does not validate certificate chains             final TrustManager[] trustAllCerts = new TrustManager[] {                     new X509TrustManager() {                         @Override                         public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {                         }                          @Override                         public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {                         }                          @Override                         public java.security.cert.X509Certificate[] getAcceptedIssuers() {                             return new java.security.cert.X509Certificate[]{};                         }                     }             };              // Install the all-trusting trust manager             final SSLContext sslContext = SSLContext.getInstance("SSL");             sslContext.init(null, trustAllCerts, new java.security.SecureRandom());             // Create an ssl socket factory with our all-trusting manager             final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();              OkHttpClient.Builder builder = new OkHttpClient.Builder();             builder.sslSocketFactory(sslSocketFactory);             builder.hostnameVerifier(new HostnameVerifier() {                 @Override                 public boolean verify(String hostname, SSLSession session) {                     return true;                 }             });              OkHttpClient okHttpClient = builder.build();             return okHttpClient;         } catch (Exception e) {             throw new RuntimeException(e);         }     } } 

And then simply use retrofit without ssl check like this

    private void postFeedbackOnServer() {          MyApiEndpointInterface apiService =                 NetworkHandler.getRetrofit().create(MyApiEndpointInterface.class);          Call<ResponseBE> call = apiService.submitFeedbackToServer(requestObject);          Log.e(TAG ,  "Request is" + new Gson().toJson(requestObject).toString() );          call.enqueue(new Callback<ResponseBE>() {             @Override             public void onResponse(Call<ResponseBE> call, Response<ResponseBE> response) {                 int statusCode = response.code();                  if (statusCode == HttpURLConnection.HTTP_OK) {                ......                  } else {                     Toast.makeText(FeedbackActivity.this, "Failed to submit Data" + statusCode, Toast.LENGTH_SHORT).show();                 }             }              @Override             public void onFailure(Call<ResponseBE> call, Throwable t) {                  // Log error here since request failed                 Toast.makeText(FeedbackActivity.this, "Failure" + t.getLocalizedMessage(), Toast.LENGTH_SHORT).show();              }         });     }