Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

views:

142

answers:

+1 Q:

Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

I've been testing some that works with a bunch of https servers with different keys, some of which are invalid and all of them are not in the local key store for my JVM. I am really only testing things out, so I don't care about the security at this stage. Is there a good way to make POST calls to the server and tell Java not to worry about the security certificates?

My google searches for this have brought up some code examples that make a class to do the validation, that always works, but I cannot get it to connect to any of the servers.

You need to create a X509TrustManager which bypass all the security check. You can find an example in my answer to this question,

http://stackoverflow.com/questions/2703161/apache-httpclient-4-0-ignore-ssl-certificate-errors/2703233#2703233

ZZ Coder 2010-05-02 03:41:11

And you then need to throw it away. There's no point in writing security code and then testing it in an insecure way. Fix the *problem*. If you don't want security, don't use SSL.I tremble to think how many times this thing has gone into production.

EJP 2010-05-03 00:28:08

+1 A:

As per the comments:

With Googled examples, you mean under each this one?

BalusC 2010-05-02 04:31:03

ansaurus

tags:

views:

answers:

Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

related questions