justinhj justinhj - 2 years ago 78
Java Question

Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

I've been testing a system that accesses a group of https servers with different keys, some of which are invalid and all of them are not in the local key store for my JVM. I am really only testing things out, so I don't care about the security at this stage. Is there a good way to make POST calls to the server and tell Java not to worry about the security certificates?

My google searches for this have brought up some code examples that make a class to do the validation, that always works, but I cannot get it to connect to any of the servers.

Answer Source

As per the comments:

With Googled examples, you mean among others this one?

Update: the link broke, so here's an extract of relevance which I saved from the internet archive:

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {

// Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (Exception e) {


// Now you can access an https URL without having the certificate in the truststore
try {
    URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download