The Java Developers Almanac 1.4



e502. Disabling Certificate Validation in an HTTPS Connection

By default, accessing an HTTPS URL using the URL class results in an exception if the server's certificate chain cannot be validated because it has not previously been installed in the truststore. If you want to disable the validation of certificates for testing purposes, you need to override the default trust manager with one that trusts all certificates.
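    import java.net.MalformedURLException;
    import java.net.URL;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array
                return new java.security.cert.X509Certificate[0];
            }
            public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
                // Accepts every client chain: no exception is ever thrown
            }
            public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
                // Accepts every server chain: no exception is ever thrown
            }
        }
    };
    
    // Install the all-trusting trust manager.
    // setDefaultSSLSocketFactory replaces the default for every
    // HttpsURLConnection created afterwards in this JVM, not just one URL.
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        // On failure the default (validating) socket factory stays in place
    }
    
    // Now you can access an https URL without having the certificate in the truststore
    try {
        URL url = new URL("https://hostname/index.html");
    } catch (MalformedURLException e) {
    }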
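
As an added example (not from the Almanac), a narrower alternative for the same testing situation: trust only the test server's own certificate and set the socket factory on a single connection instead of as the JVM-wide default. The class name, the `test-server` alias and the two command-line arguments are assumptions, and the code needs Java 7 or later for try-with-resources.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTestTrust {          // hypothetical class name
    // Build an SSLContext whose only trust anchor is the certificate in certPath.
    static SSLContext contextTrustingOnly(String certPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate testCert;
        try (InputStream in = new FileInputStream(certPath)) {
            testCert = cf.generateCertificate(in);   // accepts PEM or DER
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                         // empty in-memory truststore
        ks.setCertificateEntry("test-server", testCert);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: https URL of the test server; args[1]: path to its certificate
        SSLContext sc = contextTrustingOnly(args[1]);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        // Per-connection factory: the JVM-wide default stays untouched.
        conn.setSSLSocketFactory(sc.getSocketFactory());
        try {
            System.out.println("HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            // The server's chain does not lead to the pinned certificate.
            System.out.println("Rejected: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

Hostname verification still applies here, so the name in the URL has to match a name in the test certificate.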



© 2002 Addison-Wesley.