How to bypass ssl certificate checking in java

Question

I want access a SOAP webservice url having https hosted in a remote vm. I am getting an exception while accessing it using HttpURLConnection.

Here\'s my code:

<

Answer 1

Edit : Understand the vulnerability this would cause before using it. This is by no means recommended for production use.

The best way is to create a dummy trustmanager that trusts everything.

 TrustManager[] dummyTrustManager = new TrustManager[] { new X509TrustManager() {
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
      }

      public void checkClientTrusted(X509Certificate[] certs, String authType) {
      }

      public void checkServerTrusted(X509Certificate[] certs, String authType) {
      }
    } };

Then use the dummy trustmanager to initialize the SSL Context

SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, dummyTrustManager, new java.security.SecureRandom());

Finally use the SSLContext to open connection

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    URL url = new URL("https://myhost:8913/myservice/service?wsdl");

This question has already been answered here in more detail Java: Overriding function to disable SSL certificate check

Update:

Above issue is due to certificate signature algorithm not being supported by Java. As per this post, later releases of Java 8 have disabled md5 algorithm.

To enable md5 support, locate java.security file under /lib/security and locate the line (535)

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, 

and remove MD5