 

Is there an easier way to tell HTTPBuilder to ignore an invalid cert?


Per the docs, you can go through a rather clunky process of exporting a cert from a browser manually and getting it recognized locally. Is there anything similar to curl's --insecure switch to make this practical?

Josh Diehl asked Jul 24 '12 19:07



2 Answers

Good news everyone! :-) Just found out that the new version (0.7.1) of HttpBuilder introduces a method:

ignoreSSLIssues() 

This solves all problems regarding invalid SSL certificates (of course you have to be aware that it also decreases security).

More information about this method: https://github.com/jgritman/httpbuilder/wiki/SSL (section at the bottom)

sdf3qrxewqrxeqwxfew3123 answered Oct 06 '22 00:10


Found a way that does not involve importing certificates or HTTPBuilder hacks:

    //== HTTPBUILDER IMPORTS
    @Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0-RC2' )
    import groovyx.net.http.*
    import static groovyx.net.http.ContentType.*
    import static groovyx.net.http.Method.*
    //== END HTTPBUILDER IMPORTS

    import javax.net.ssl.X509TrustManager
    import javax.net.ssl.SSLContext
    import java.security.cert.X509Certificate
    import javax.net.ssl.TrustManager
    import java.security.SecureRandom
    import org.apache.http.conn.ssl.SSLSocketFactory
    import org.apache.http.conn.scheme.Scheme
    import org.apache.http.conn.scheme.SchemeRegistry

    def http = new HTTPBuilder( "https://your_unsecure_certificate_host" )

    //=== SSL UNSECURE CERTIFICATE ===
    def sslContext = SSLContext.getInstance("SSL")
    // Trust manager with empty check methods: every certificate chain is accepted
    sslContext.init(null, [ new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() { null }
        public void checkClientTrusted(X509Certificate[] certs, String authType) { }
        public void checkServerTrusted(X509Certificate[] certs, String authType) { }
    } ] as TrustManager[], new SecureRandom())
    // ALLOW_ALL_HOSTNAME_VERIFIER also turns off hostname verification
    def sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
    def httpsScheme = new Scheme("https", sf, 443)
    http.client.connectionManager.schemeRegistry.register( httpsScheme )
    //================================

    // do your http call with the http object
    // http.request( ....
Fabiano Taioli answered Oct 06 '22 00:10
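
A narrower alternative to the trust-all approaches in both answers, as an added example that is not part of either answer or of the HTTPBuilder project: trust only the server's own exported certificate, built into an in-memory trust store, and leave hostname verification on. The file name `server-cert.pem`, the fingerprint placeholder, the helper names and the host are assumptions.

```groovy
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.7.1')
import groovyx.net.http.HTTPBuilder
import java.security.KeyStore
import java.security.MessageDigest
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.ssl.SSLSocketFactory

// Assumed inputs (placeholders, not values from the original page)
def certPath       = 'server-cert.pem'   // certificate exported from the server (PEM or DER)
def expectedSha256 = 'REPLACE_WITH_FINGERPRINT_CONFIRMED_OUT_OF_BAND'

// Hypothetical helper: parse one X.509 certificate from a file
X509Certificate loadCert(String path) {
    new File(path).withInputStream { ins ->
        (X509Certificate) CertificateFactory.getInstance('X.509').generateCertificate(ins)
    }
}

// Hypothetical helper: SHA-256 fingerprint of the DER encoding, lowercase hex
String sha256Hex(X509Certificate cert) {
    MessageDigest.getInstance('SHA-256').digest(cert.encoded).encodeHex().toString()
}

// Hypothetical helper: trust store holding this one certificate and nothing else
KeyStore trustStoreFor(X509Certificate cert) {
    def ks = KeyStore.getInstance(KeyStore.defaultType)
    ks.load(null, null)                        // start from an empty in-memory store
    ks.setCertificateEntry('pinned-server', cert)
    ks
}

def cert = loadCert(certPath)
// Refuse to pin a certificate whose fingerprint was not confirmed beforehand
if (!sha256Hex(cert).equalsIgnoreCase(expectedSha256)) {
    throw new SecurityException("Unexpected certificate fingerprint: ${sha256Hex(cert)}")
}
cert.checkValidity()                           // throws if expired or not yet valid

def http = new HTTPBuilder('https://your_unsecure_certificate_host')
// SSLSocketFactory(KeyStore) trusts only entries in the store and keeps the
// default hostname verifier, unlike ALLOW_ALL_HOSTNAME_VERIFIER above
def sf = new SSLSocketFactory(trustStoreFor(cert))
http.client.connectionManager.schemeRegistry.register(new Scheme('https', sf, 443))
```

With this in place a connection to any server presenting a different certificate, or the pinned certificate under a non-matching hostname, fails the TLS handshake instead of being silently accepted.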