Java ignores certificate validation
I'm trying to create some sample Java projects that connect to a self-signed HTTPS server. I can't seem to stop Java from trying to validate the certificate. I don't want to trust this certificate; I just want to completely ignore all certificate verification. This server is in my network, and I hope to be able to run some test applications without worrying about whether the certificate is valid.
    java -Dcom.sun.net.ssl.checkRevocation=false HelloWorld
    org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-Dcom.sun.net.ssl.checkRevocation=false does not help. I also tried to add the following code:
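    import java.security.cert.X509Certificate;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    public static void DisableCertificateValidation() {
        // Trust manager that accepts every certificate chain without checking it
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() { return null; }
                public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                public void checkServerTrusted(X509Certificate[] certs, String authType) { }
            }
        };
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            // Only affects connections made through HttpsURLConnection
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
            // exceptions are silently ignored
        }
    }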
But there are still the same problems. What happened here?
Solution
org.apache.axis2.AxisFault indicates that you are using Axis 2, and Axis 2 does not use HttpURLConnection to establish HTTP(S) connections, but Apache HttpClient (3.x, as far as I know), so HttpsURLConnection.setDefaultSSLSocketFactory(...) has no effect there.
You can view this answer about setting the SSLContext for Axis 2. More specifically, this document: http://axis.apache.org/axis2/java/core/docs/http-transport.html#httpsupport
(Alternatively, you can use SSLContext.setDefault(...), introduced in Java 6, to set the default SSLContext. In real applications, disabling certificate validation is obviously not a good idea for the default SSL context.)