Is it possible to disable ssl for https?

Question

Application on java. OkHttp version 2.7.5 is used. A request is made to another service and an error occurs.

SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

I do not have a certificate. It seems there are solutions for the version of okHttp3. But the version can not be changed. How to solve a problem?

Answer 1

Is it possible to disable ssl for https?

Literally, no.

Use of SSL is fundamental to the HTTPS protocol. If you don't want to use SSL at all, configure your server with an HTTP endpoint and use that instead of HTTPS.

Furthermore use of SSL requires a certificate that is (at least) syntactically well-formed. That is also fundamental to the HTTPS protocol.

Now if the problem is that your server certificate has expired, then a possible solution is to use the approach described in:

• Make a connection to a HTTPS server from Java and ignore the validity of the security certificate .

And if the problem is that you cannot get a proper certificate for the server (eg you can't afford it) then an alternative solution is:

1. generate a self-signed certificate ; see How to generate a self-signed certificate using Java Keytool ,
2. install it on the server side,
3. configure the client as above to ignore certificate validity.

But note that doing either of those things has security issues.

There is a third solution that is more secure.

1. generate a self-signed certificate (as above)
2. install it on the server side,
3. use Keytool to add the certificate to the client app's keystore as a trusted certificate.

Answer 2

Why would you want to use HTTPS but do not have certificates, you should follow as Stephen mentioned above. However if you wanted to literally forget what https is meant for you can consider overriding the behavior

 private static OkHttpClient getUnprotectedClient() {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                                               String authType) throws CertificateException {
                }

                @Override
                public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                                               String authType) throws CertificateException {
                }

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }
        };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();


        return new okhttp3.OkHttpClient.Builder()
                .sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0])
                .hostnameVerifier(new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        return true;
                    }
                }).build();

    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}