6

I'm trying to create some sample Java projects that connect to a self-signed HTTPS server. I can't seem to get Java to stop trying to validate the certificate. I don't want to have to trust this certificate, I just want to ignore all certificate validation altogether; this server is inside my network and I want to be able to run some test apps without worrying about whether the certificate is valid.

java -Dcom.sun.net.ssl.checkRevocation=false HelloWorld
org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:  sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The -Dcom.sun.net.ssl.checkRevocation=false didn't help. I also tried adding the following code:

public static void DisableCertificateValidation() {
  TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers() { return null; }
      public void checkClientTrusted(X509Certificate[] certs, String authType) { }
      public void checkServerTrusted(X509Certificate[] certs, String authType) { }
    }
  };
  try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  } catch (Exception e) {
  }
}

But still have the same issue. What's going on here?

Improve this question
1
  • have you managed to ignore certificate with axis2? Josip Commented Feb 10, 2012 at 12:26

2 Answers 2

Reset to default
10

org.apache.axis2.AxisFault indicates that you're using Axis 2, and Axis 2 doesn't use HttpsURLConnection to make its HTTP(S) connections, but Apache HttpClient (3.x as far as I know), so HttpsURLConnection.setDefaultSSLSocketFactory(...) will have no effect there.

You can have a look at this answer about setting up an SSLContext for Axis 2, more specifically, this document: http://axis.apache.org/axis2/java/core/docs/http-transport.html#httpsupport

(Alternatively, you may be able to get away with setting the default SSLContext with SSLContext.setDefault(...), introduced in Java 6. Disabling certificate verification for your default SSL context is obviously not a good idea in a real application.)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Ahh, so Axis2 doesn't use HttpsUrlConnection, that explains a lot! Erm...I'm still not sure how to set up SSLContext here, sort of overwhelming amount of documentation, which I have trouble with because somehow I feel like it should be a simple switch somewhere.
Indeed, adding SSLContext.setDefault(sc) with the value of SSLContext.getInstance("TLS") (or SSLContext.getInstance("SSL")?) appears to work here.
4

This is an older question but I stumbled upon it and it kinda psuhed me in the right diretion. I could access an https url in axis2 without a valid client certificate by setting the params:

import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;

EasySSLProtocolSocketFactory easySSLProtocolSocketFactory;
try {
     easySSLProtocolSocketFactory = new EasySSLProtocolSocketFactory();
     Protocol.unregisterProtocol("https");
     Protocol.registerProtocol("https", new Protocol("https",
                  (ProtocolSocketFactory) easySSLProtocolSocketFactory, 443));
}
catch (GeneralSecurityException e) {
      e.printStackTrace();
}

Just be sure to do this before calling the axis2 service client. This is nothing I would do in production, but as a fast hack for an unsecured server that did the trick for me.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.