views:

142

answers:

2

I've been testing some that works with a bunch of https servers with different keys, some of which are invalid and all of them are not in the local key store for my JVM. I am really only testing things out, so I don't care about the security at this stage. Is there a good way to make POST calls to the server and tell Java not to worry about the security certificates?

My google searches for this have brought up some code examples that make a class to do the validation, that always works, but I cannot get it to connect to any of the servers.

A: 

You need to create a X509TrustManager which bypass all the security check. You can find an example in my answer to this question,

http://stackoverflow.com/questions/2703161/apache-httpclient-4-0-ignore-ssl-certificate-errors/2703233#2703233

ZZ Coder
And you then need to throw it away. There's no point in writing security code and then testing it in an insecure way. Fix the *problem*. If you don't want security, don't use SSL.I tremble to think how many times this thing has gone into production.
EJP
+1  A: 

As per the comments:

With Googled examples, you mean under each this one?

BalusC