java - ignore expired ssl certificate

Question

URL myUrl = new URL(\"https://www.....\");

SSL Certificate of website is expired. How to avoid it and make URL() work ?

Answer 1

I wrote a custom TrustManager to solve this problem, you can see it at https://gist.github.com/divergentdave/9a68d820e3610513bd4fcdc4ae5f91a1. This TrustManager wraps the offending X509Certificate in another class to disable the expiration check while leaving all other validation in place. (i.e. matches the hostname, chains to a trusted CA, signature valid, etc.)