i quite newbie in java-spring world , don't how deal situation. have work api on https have certificates issued non-trusted ca. have code this:
resttemplate resttemplate = new resttemplate(); httpheaders headers = new httpheaders(); headers.add("content-type", "application/json;charset=utf-8"); headers.add("accept", "*/*"); responseentity<byte[]> responseentity = resttemplate.getforentity(url, byte[].class, headers);
of course because certificates not trusted used java error:
sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target; nested exception javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target
so disabled certificate validation code:
public class sslcertificatevalidation { public static void disable() { try { sslcontext sslc = sslcontext.getinstance("tls"); trustmanager[] trustmanagerarray = { new nullx509trustmanager() }; sslc.init(null, trustmanagerarray, null); httpsurlconnection.setdefaultsslsocketfactory(sslc.getsocketfactory()); httpsurlconnection.setdefaulthostnameverifier(new nullhostnameverifier()); } catch(exception e) { e.printstacktrace(); } } private static class nullx509trustmanager implements x509trustmanager { public void checkclienttrusted(x509certificate[] chain, string authtype) throws certificateexception { system.out.println(); } public void checkservertrusted(x509certificate[] chain, string authtype) throws certificateexception { system.out.println(); } public x509certificate[] getacceptedissuers() { return new x509certificate[0]; } } private static class nullhostnameverifier implements hostnameverifier { public boolean verify(string hostname, sslsession session) { return true; } } }
now app works apis, on other hand working aws services app. , aws error:
c.a.h.amazonhttpclient - unable execute http request: java.lang.runtimeexception: unexpected error: java.security.invalidalgorithmparameterexception: trustanchors parameter must non-empty javax.net.ssl.sslexception: java.lang.runtimeexception: unexpected error: java.security.invalidalgorithmparameterexception: trustanchors parameter must non-empty
is there way disable certificate validation particular urls? give me helping hand, please? don't know should now.
ps know installing certificate java cacerts. unfortunately, doesn't fit situation.
instead of disabling ssl check, try installing certificate java cacerts, way (i assume self-signed cert) treated trusted certificate.
best way certificate owner of service provide you, other wise should able export certificate file pretty browser.
i won't go detail on installing certificate, because there answers on question how import selfsigned certificate java keystore available java applications default?
Comments
Post a Comment