This should NOT be used in production and is generally a very bad practice. Ignoring SSL certs might be acceptable in a non production environment or possibly if you are just scraping a website and not sending any sensitive data. Use with your own judgement.
SSL is great, when it works well. Unfortunately it can often be misconfigured which leads to dirty hacks like this. Knowing that this is a bad practice it can easily overcome the dreaded javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error. This means the SSL cert's chain was probably not set up correctly or is using a lesser known SSL provider. The proper fix involves downloading the SSL cert and manually installing it into the Java keystore using the keytool. This can be a bit tedious especially if you have many servers. You should take the time to do it properly in production.
Custom TrustManager
This code was taken from the following gist. We will basically be creating a TrustManager that doesn't actually verify the certificates and just passes everything (bad!).
/*
* This is very bad practice and should NOT be used in production.
*/
private static final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
private static final SSLContext trustAllSslContext;
static {
try {
trustAllSslContext = SSLContext.getInstance("SSL");
trustAllSslContext.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
throw new RuntimeException(e);
}
}
private static final SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext.getSocketFactory();
Trust all SSL certificates OkHttpClient
OkHttpClient conveniently lets you create a new Builder from an existing client. This allows us to take a preconfigured client and just overwrite how it handles SSL.
/*
* This should not be used in production unless you really don't care
* about the security. Use at your own risk.
*/
public static OkHttpClient trustAllSslClient(OkHttpClient client) {
log.warn("Using the trustAllSslClient is highly discouraged and should not be used in Production!");
Builder builder = client.newBuilder();
builder.sslSocketFactory(trustAllSslSocketFactory, (X509TrustManager)trustAllCerts[0]);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
return builder.build();
}
That's all there is to it. You should now be able to create a client that trusts all SSL certs as shown below.
OkHttpClient client = HttpClient.trustAllSslClient(preconfiguredClient);