Self-Signed Certificate Bypass Not Working

Question

CloseableHttpClient client = HttpClients.custom().setSSLHostnameVerifier(new NoopHostnameVerifier()).build();

is giving me an error of :

[sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

i.e. it is not adding all self-signed certificates as expected..

My HTTPClient version is 4.5.1 and HTTPCore is version 4.4.4

Please give me a solution without using deprecated methods like SSLContextBuilder

user1211 · Accepted Answer · 2015-12-08T21:18:31.003

6

Try using this snippet:

import java.security.*;
import org.apache.http.conn.ssl.*;


try
{
  SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException
    {
      return true;
    }
  }).build();

  CloseableHttpClient client =HttpClients.custom().setSSLContext(sslContext).setSSLHostnameVerifier(new NoopHostnameVerifier())
                              .build();
 }
 catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e)
 {
   e.printStackTrace();
 }

edited Dec 08 '15 at 21:18

answered Dec 08 '15 at 21:14

user1211

1,507
1
18
27

1

I have the exact same issue as the OP. Why does the documentation say that NoopHostnameVerifier will skip SSL verification if in fact it doesn't skip it? – David Brossard Nov 18 '16 at 03:08
They operate at different protocol levels. See https://stackoverflow.com/a/23592269/3307565 – Michael R Nov 06 '20 at 02:09

Self-Signed Certificate Bypass Not Working

1 Answers1