
Disable SSL certificate validation in Java

How can I disable certificate validation in Java 8? I am trying to use HTTPS to connect to another server, but I keep getting this error:

Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)

I tried to fix it by using -Dcom.sun.net.ssl.checkRevocation=false, which I found here. I also tried adding my own certificate to the pool using Java Keytool. Both ideas didn't change anything. The problem might be that I generated my own certificate with openssl. That can't be signed by anyone, which may result in the error.

It would be nice if I could simply disable SSL checks for testing purposes only. In a production scenario I will have a signed certificate.

It is not advised to disable certificate validation unless it is only for testing purposes. How are you invoking the service in the first place?

If you are using Apache HttpClient:

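import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;

SSLContext context = SSLContext.getInstance("TLSv1.2");
// Trust manager whose check methods never throw, so every certificate chain is accepted
TrustManager[] trustManager = new TrustManager[] {
    new X509TrustManager() {
       public X509Certificate[] getAcceptedIssuers() {
           return new X509Certificate[0];
       }
       public void checkClientTrusted(X509Certificate[] certificate, String str) {}
       public void checkServerTrusted(X509Certificate[] certificate, String str) {}
    }
};
context.init(null, trustManager, new SecureRandom());

// ALLOW_ALL_HOSTNAME_VERIFIER additionally skips the hostname check
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();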

If you are using HttpsURLConnection:

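import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

SSLContext context = SSLContext.getInstance("TLSv1.2");
// Trust manager whose check methods never throw, so every certificate chain is accepted
TrustManager[] trustManager = new TrustManager[] {
    new X509TrustManager() {
       public X509Certificate[] getAcceptedIssuers() {
           return new X509Certificate[0];
       }
       public void checkClientTrusted(X509Certificate[] certificate, String str) {}
       public void checkServerTrusted(X509Certificate[] certificate, String str) {}
    }
};
context.init(null, trustManager, new SecureRandom());

// Becomes the default for every HttpsURLConnection created in this JVM afterwards
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());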
