Java Unirest disable cerificate

Question

May you tell me the way to disable certificate verify for using Unirest as rest client.

I use Unirest with Java Spring. Below is my source code:

try {
    HttpResponse<String> response = Unirest.post("myurl")
      .header("content-type", "application/json")
      .header("accept", "application/json")
      .body("my json data here")
      .asJson();
} catch (Exception e) {
    logger.info("==================REST CLIENT ERROR: "+e.getMessage());
}

The result:

==================REST CLIENT ERROR: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

score 5 · Answer 1 · edited Sep 21 '20 at 12:31

5

I know this thread is very old but just writing in case somebody else is looking for simpler way.

Unirest has now inbuilt support for this.

Unirest.config().verifySsl(false);

This worked for me.

edited Sep 21 '20 at 12:31

kk.

3,747
12
36
67

answered Sep 21 '20 at 12:15

Monu

51
1
4

Thank you for a quick tweak. – Usman Liaqat Apr 19 '21 at 12:34

score 3 · Answer 2 · answered Dec 19 '18 at 09:00

Before triggering your http post request set a custom http client to Unirest like as follow:

try {
        SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy() {
            public boolean isTrusted(X509Certificate[] chain, String authType) {
                return true;
            }
        }).build();
        HttpClient customHttpClient = HttpClients.custom().setSSLContext(sslContext)
                .setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
        Unirest.setHttpClient(customHttpClient);
        HttpResponse<JsonNode> response = Unirest.post("myurl")
                .header("content-type", "application/json")
                .header("accept", "application/json")
                .body("my json data here")
                .asJson();
    } catch (Exception e) {
        logger.info("==================REST CLIENT ERROR: " + e.getMessage());
    }

BTW, Be aware that the asJson method returns JsonNode type, not String.

This looks like ignore every SSL verifying, doesn't it? – tiennv Nov 06 '21 at 16:38 — tiennv, Nov 06 '21 at 16:38

score 2 · Answer 3 · answered Sep 03 '21 at 17:27

Use this for setting verify ssl false

Unirest.config().verifySsl(false)

Note: If you are using com.mashape.unirest library v1.4.9 then you won't find config() method in it.

<dependency>
<groupId>com.mashape.unirest</groupId>
<artifactId>unirest-java</artifactId>
<version>1.4.9</version>

I switched to kong.unitrestjava and it has native config() method to set verifySsl false.

<dependency>
<groupId>com.konghq</groupId>
<artifactId>unirest-java</artifactId>
<version>3.11.13</version>

Java Unirest disable cerificate

3 Answers3