Need to ignore certificate when using restTemplate

Question

I am trying to send a request to following address. The certificate is not valid and I would like to ignore it. I wrote following code based on my research on 1, 2 but I am not able to complete it. I am using Java 1.7,

https://api.stubhubsandbox.com/search/catalog/events/v3 

Code

private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{     new X509TrustManager() {         public java.security.cert.X509Certificate[] getAcceptedIssuers(){             return null;         }         public void checkClientTrusted( X509Certificate[] certs, String authType ){}         public void checkServerTrusted( X509Certificate[] certs, String authType ){}         public void checkClientTrusted(                 java.security.cert.X509Certificate[] arg0, String arg1)                 throws CertificateException {             // TODO Auto-generated method stub          }         public void checkServerTrusted(                 java.security.cert.X509Certificate[] arg0, String arg1)                 throws CertificateException {             // TODO Auto-generated method stub          }     } };  public static void main(String[] args) {     TrustStrategy acceptingTrustStrategy =       SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()             .loadTrustMaterial(null, acceptingTrustStrategy)             .build();      SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);      CloseableHttpClient httpClient = HttpClients.custom()             .setSSLSocketFactory(csf)             .build();      HttpComponentsClientHttpRequestFactory requestFactory =             new HttpComponentsClientHttpRequestFactory();      requestFactory.setHttpClient(httpClient);      RestTemplate restTemplate = new RestTemplate(requestFactory);     String url = "https://api.stubhubsandbox.com/search/catalog/events/v3";     RestTemplate rest = new RestTemplate();     Map<String, String> mvm = new HashMap<String, String>();     mvm.put("Authorization", "Bearer TOKEEEEEEEN");     Object object = rest.postForObject(url, null, Object.class, mvm);     System.err.println("done");   } 

Answer 1

As you may have noticed, Spring's RestTemplate delegates all the HTTP(S) related stuff to the underlying implementation of ClientHttpRequestFactory. Since you're using the HttpClient-based implementation, here are a couple of useful SO links on how to achieve this for the internal HttpClient:

• Ignoring SSL certificate in Apache HttpClient 4.3
• How to ignore SSL certificate errors in Apache HttpClient 4.0

Apparently, since version 4.4, this can be done as:

CloseableHttpClient httpClient = HttpClients.custom().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();