This post is more than 5 years old
7 Posts
0
1722
Self-Signed Certificate
In our QA environment, we are using a self signed certificate for an API Proxy that fronts Atmos. I am using the Atmos-Java component and would like to way to ignore the following error: javax.net.ssl.SSLException: hostname in certificate didn't match: ... Is there a way programatically to ignore this error for EsuRestApiApache class for non-producation environments?
For example, I have used the following code successfully to ignore the same problem when using HttpClient.:
protected static class TrustSelfSignedStrategy implements TrustStrategy
{
@Override
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
{
return true;
}
}
protected static ClientConnectionManager enableSelfSignedCerts() throws Exception
{
TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
X509HostnameVerifier hostnameVerifier = new AllowAllHostnameVerifier();
SSLSocketFactory sslSf = new SSLSocketFactory(trustStrategy, hostnameVerifier);
Scheme https = new Scheme("https", 443, sslSf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(https);
ClientConnectionManager connection = new PoolingClientConnectionManager(schemeRegistry);
return connection;
}
public static void main(String[] args) {
try{
HttpHost targetHost = new HttpHost("hostname", 8443, "https");
DefaultHttpClient httpclient = new DefaultHttpClient(enableSelfSignedCerts());
// ...
} catch (Exception e) {
e.printStackTrace();
}
}
Sincerely,
Jeff
JasonCwik
281 Posts
0
September 28th, 2012 12:00
Out of the box there is not an easy way to disable certificate validation when using the Apache client. You have three options:
1) Add your self-signed certificate(s) to the default java keystore.
http://www.chrissearle.org/node/260
2) Modify EsuRestApiApache with getClient/setClient. You could then configure your own HttpClient instance with your custom socket factory.
3) Use the non-apache EsuRestApi, then use the code from the last comment on this page: http://code.google.com/p/atmos-java/wiki/SSL
JeffAyers
7 Posts
0
September 28th, 2012 13:00
Number 3 worked for me. Thanks again.