Menu
I'm trying to create some sample Java projects that connect to a self-signed HTTPS server. I can't seem to get Java to stop trying to validate the certificate. I don't want to have to trust this certificate, I just want to ignore all certificate validation altogether; this server is inside my network and I want to be able to run some test apps without worrying about whether the certificate is valid.
java -Dcom.sun.net.ssl.checkRevocation=false HelloWorld
org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The -Dcom.sun.net.ssl.checkRevocation=false didn't help. I also tried adding the following code:
public static void DisableCertificateValidation() {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}
};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
}
But still have the same issue. What's going on here?
532
To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.
If the SSL certificate is not validates as trusted or does not match the target host, an HTTPS and other SSL encrypted connection cannot be established and all attempts will result in SSLHandshakeException or IOException.
You can tell Chrome to ignore all SSL certificate errors by passing the following at the command line at launch. If you're on Windows simply right-click into the properties of the launcher. Then add --ignore-certificate-errors in the target field. Then restart Chrome.
org.apache.axis2.AxisFault indicates that you're using Axis 2, and Axis 2 doesn't use HttpsURLConnection to make its HTTP(S) connections, but Apache HttpClient (3.x as far as I know), so HttpsURLConnection.setDefaultSSLSocketFactory(...) will have no effect there.
You can have a look at this answer about setting up an SSLContext for Axis 2, more specifically, this document: http://axis.apache.org/axis2/java/core/docs/http-transport.html#httpsupport
(Alternatively, you may be able to get away with setting the default SSLContext with SSLContext.setDefault(...), introduced in Java 6. Disabling certificate verification for your default SSL context is obviously not a good idea in a real application.)
71
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
