Disabling Certificate Validation in an HTTPS Connection - Java Security

Description

Disabling Certificate Validation in an HTTPS Connection

Demo Code

import java.net.MalformedURLException;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class Main {
  public static void main(String[] args) {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
      }//from   w  w  w . j  a v  a2  s . c o  m

      public void checkClientTrusted(
          java.security.cert.X509Certificate[] certs, String authType) {
      }

      public void checkServerTrusted(
          java.security.cert.X509Certificate[] certs, String authType) {
      }
    } };

    // Install the all-trusting trust manager
    try {
      SSLContext sc = SSLContext.getInstance("SSL");
      sc.init(null, trustAllCerts, new java.security.SecureRandom());
      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }

    // Now you can access an https URL without having the certificate in the
    // truststore
    try {
      URL url = new URL("https://hostname/index.html");
    } catch (MalformedURLException e) {
    }
  }
}

• Previous
• Next

Related Tutorials

• AES encrypt
• Use JDK AES
• Creating a New Key Pair and Self-Signed Certificate Using keytool
• Getting the Subject and Issuer Distinguished Names of an X509 Certificate
• Adding a Certificate to a Key Store