I want to tell a java client request not to care about the remote servers self created SSL cert. In .NET I'm able to do this by manipulating the ServicePointManager. How can I do the same in Java?
A:
We need to know the SOAP/WS stack you are using as its underlying implementation can affect how SSL is handled. In most cases the stack will use the JVM wide JSSE settings under the covers, but how much control you have over the JSSE configuration varies.
If this is production, you really should consider setting up a proper PKI and trusting the CAs in your client JVM. If this is for testing, you should do the same for your test environment and still configure the JVM with your trusted CAs.
To configure trust in the JVM see the JSSE documentation for your version of Java.
To create JKS files to use with the JSSE settings, see the keytool documentaion for your version of Java.
If the keytool looks daunting to you, there are free GUIs out there on Google.
If you just can't or don't want to deal with setting up the trust properly, you can configure custom implementations of the JSSE classes to ignore trust. See this article for a code example of a TrustManager that doesn't do anything. You will need to configure this TrustManager as the default trust manager for the JVM as your SOAP/WS stack will likely not allow you to have per-connection control.
DavidValeri
2009-05-28 19:45:02