
Ignore CERT and Host Name Verification for Services Accessible Over https

During development, it sometimes helps to speed up work if we ignore certificate and host name verification when testing RESTful services accessible over HTTPS.

One such case would be auto-generated certs with some dummy hostname. 

You can do the following to ignore SSL cert and host name verification.

  1. Create your own trust manager that returns a null certificate list and performs no checks.
  2. Override/set a new SSL scheme that allows all host names.

If you are using org.springframework.web.client.RestTemplate, you can reuse the method below to bypass certificate and host name validation.

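    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.X509TrustManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
    import org.springframework.web.client.RestTemplate;

    /**
     * WARNING!!! testing/development purpose only!!!
     * Disables certificate and host name verification for the given RestTemplate.
     * @param restTemplate the template whose request factory is replaced
     * @throws Exception if the SSL context cannot be created or initialised
     */
    public static void ignoreCertAndHostVerification(RestTemplate restTemplate) throws Exception {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        // Trust manager whose checks never throw, so every certificate chain is accepted.
        javax.net.ssl.TrustManager[] trustManagers = { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Intentionally empty: the server certificate is not validated.
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Intentionally empty: client certificates are not validated.
            }
        } };
        sslContext.init(null, trustManagers, new SecureRandom());
        // Socket factory that also skips the host name check (Apache HttpClient 4.x API).
        SSLSocketFactory sslFactory = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        Scheme scheme = new Scheme("https", 443, sslFactory);
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        // Replace the default https scheme of the underlying HttpClient.
        factory.getHttpClient().getConnectionManager().getSchemeRegistry().register(scheme);
        restTemplate.setRequestFactory(factory);
    }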

If you are using Groovy's HTTPBuilder, you can do the following:

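    import groovyx.net.http.HTTPBuilder
    import java.security.SecureRandom
    import javax.net.ssl.SSLContext
    import javax.net.ssl.TrustManager
    import javax.net.ssl.X509TrustManager
    import org.apache.http.conn.scheme.Scheme
    import org.apache.http.conn.ssl.SSLSocketFactory

    // baseURL is the base URL of the service under test, defined elsewhere.
    def httpBuilder = new HTTPBuilder(baseURL)
    // Map coerced to X509TrustManager: both checks are empty, so any certificate is accepted.
    def nullTrustManager = [
        checkClientTrusted: { chain, authType -> },
        checkServerTrusted: { chain, authType -> },
        getAcceptedIssuers: { null }
    ]
    SSLContext sc = SSLContext.getInstance("SSL")
    sc.init(null, [nullTrustManager as X509TrustManager] as TrustManager[], new SecureRandom())
    SSLSocketFactory sf = new SSLSocketFactory(sc)
    // Skip the host name check as well.
    sf.hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
    // Replace the default https scheme of the underlying HttpClient.
    httpBuilder.getClient().getConnectionManager().schemeRegistry.register(new Scheme("https", sf, 443))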

WARNING: The above code is for testing purposes during development only. It is not recommended for production!
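
For the auto-generated development certificate case, an alternative that keeps verification on, as an added example that is not part of the original article: load the development server's certificate into an otherwise empty trust store and keep the strict host name verifier. The class name `DevCertTrust`, the method names and the `pemPath` parameter are hypothetical; the code assumes the same Apache HttpClient 4.x API as the RestTemplate method above and a certificate whose subject alternative name matches the host being called.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public final class DevCertTrust {  // hypothetical class name

    /** Builds an SSLContext whose only trust anchor is the certificate stored at pemPath. */
    static SSLContext contextTrustingOnly(String pemPath) throws Exception {
        Certificate devCert;
        try (InputStream in = new FileInputStream(pemPath)) {
            // Accepts a PEM or DER encoded X.509 certificate.
            devCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Empty in-memory trust store: the JDK's default CA bundle is not consulted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("dev-server", devCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Same wiring as ignoreCertAndHostVerification, but both checks stay enabled. */
    public static void trustDevCertOnly(RestTemplate restTemplate, String pemPath) throws Exception {
        SSLSocketFactory sslFactory = new SSLSocketFactory(
                contextTrustingOnly(pemPath), SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        factory.getHttpClient().getConnectionManager().getSchemeRegistry()
                .register(new Scheme("https", 443, sslFactory));
        restTemplate.setRequestFactory(factory);
    }
}
```

With this in place a connection succeeds only when the server's certificate chains to the one loaded from `pemPath`; any other certificate fails the handshake instead of being silently accepted.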

