Home >Java >javaTutorial >How to Handle Invalid SSL Certificates in Apache HttpClient Without KeyManager and TrustManager?

How to Handle Invalid SSL Certificates in Apache HttpClient Without KeyManager and TrustManager?

DDD
DDDOriginal
2024-11-04 19:58:02174browse

How to Handle Invalid SSL Certificates in Apache HttpClient Without KeyManager and TrustManager?

Handling Invalid SSL Certificates with Apache HttpClient

Question:

When using Apache HttpClient to establish an HTTPS connection, errors related to invalid SSL certificates are encountered. How can I overcome these errors while avoiding the use of KeyManager and TrustManager?

Answer:

Handling invalid SSL certificates in Apache HttpClient requires one of the following approaches:

  • Configuring SSLContext with a TrustManager that accepts any certificate
  • Configuring SSLContext with an appropriate trust store containing the required certificate
  • Adding the certificate to the default Java trust store

Implementing a TrustManager for Any Certificate:

The following code demonstrates how to create an SSLContext with a TrustManager that accepts any certificate:

<code class="java">import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SSLTest {
    
    public static void main(String [] args) throws Exception {
        // configure the SSLContext with a TrustManager
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
        SSLContext.setDefault(ctx);

        URL url = new URL("https://mms.nw.ru");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
        System.out.println(conn.getResponseCode());
        conn.disconnect();
    }
    
    private static class DefaultTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }
}</code>

The above is the detailed content of How to Handle Invalid SSL Certificates in Apache HttpClient Without KeyManager and TrustManager?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn