
Ignore CERT and Host Name Verification for Services Accessible Over https



During development, it sometimes helps and speeds up work to ignore certificate and hostname verification when testing RESTful services accessible over HTTPS.

One such case would be auto-generated certs with some dummy hostname. 

You can do the following to ignore SSL cert and host name verification.

  1. Create your trust manager with a null certificate
  2. Override/set a new SSL scheme to allow all host names

If you are using org.springframework.web.client.RestTemplate, you can reuse the method below to bypass certificate and host name validation.

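import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/**
 * WARNING!!! testing/development purpose only!!!
 * @param restTemplate the RestTemplate whose request factory is replaced
 * @throws Exception if the SSL context cannot be created or initialized
 */
public static void ignoreCertAndHostVerification(RestTemplate restTemplate) throws Exception {
    SSLContext sslContext = SSLContext.getInstance("SSL");
    // Trust manager whose check methods do nothing, so every certificate chain is accepted.
    TrustManager[] trustManagers = { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // No check: any server certificate passes.
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // No check: any client certificate passes.
        }
    } };
    sslContext.init(null, trustManagers, new SecureRandom());
    // Apache HttpClient 4.x socket factory that also skips host name verification.
    SSLSocketFactory sslFactory =
            new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    Scheme scheme = new Scheme("https", 443, sslFactory);
    HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
    // Replace the default https scheme on the client that backs the RestTemplate.
    factory.getHttpClient().getConnectionManager().getSchemeRegistry().register(scheme);
    restTemplate.setRequestFactory(factory);
}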

If you are using Groovy's HTTPBuilder, you can do the following:

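import groovyx.net.http.HTTPBuilder
import java.security.SecureRandom
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.ssl.SSLSocketFactory

def httpBuilder = new HTTPBuilder(baseURL)
// Map coerced to X509TrustManager below; the empty closures accept every certificate.
def nullTrustManager = [
    checkClientTrusted: { chain, authType -> },
    checkServerTrusted: { chain, authType -> },
    getAcceptedIssuers: { null }
]
SSLContext sc = SSLContext.getInstance("SSL")
sc.init(null, [nullTrustManager as X509TrustManager] as TrustManager[], new SecureRandom())
SSLSocketFactory sf = new SSLSocketFactory(sc)
// Skip host name verification as well.
sf.hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
// Replace the https scheme on the client that HTTPBuilder uses.
httpBuilder.getClient().getConnectionManager().schemeRegistry.register(new Scheme("https", sf, 443))

WARNING: The above code is for testing purposes during development only. It is not recommended for production!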

