


To bypass SSL certificate errors in Apache HttpClient 4.0, you can create a custom TrustManager that accepts certificates without validation, build a custom SSLContext from it, and configure HttpClient to use that context.

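Here is example code that does this. As written, it skips chain validation only when the server presents a single certificate (it still checks that certificate's validity dates); longer chains are passed to the default trust manager: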

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;

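/**
 * Factory methods for an Apache HttpClient whose server-certificate checks are
 * deliberately relaxed.
 *
 * <p><strong>Security:</strong> the trust manager used here accepts any
 * single-certificate chain as long as the certificate is inside its validity
 * period. The issuer and the signature are not checked against any trust
 * anchor, so the client cannot distinguish the intended server from another
 * endpoint presenting its own self-signed certificate. Keep this class out of
 * production builds. For a known self-signed server, the safer option is to
 * load that one certificate into a {@link KeyStore} and validate against it
 * with a regular {@link TrustManagerFactory}.
 *
 * <p>NOTE(review): {@code SSLConnectionSocketFactory} and {@code HttpClients}
 * belong to HttpClient 4.3 and later — confirm the library version in use.
 */
public class SSLUtils {

    /**
     * Creates a TLS context that validates servers with {@link EasyX509TrustManager}.
     *
     * @return an initialised context using the default key managers and random source
     * @throws IOException if the context or the trust manager cannot be set up;
     *     the underlying security exception is attached as the cause
     */
    public static SSLContext createEasySSLContext() throws IOException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            // null key managers and null SecureRandom select the provider defaults.
            context.init(null, new TrustManager[] { new EasyX509TrustManager(null) }, null);
            return context;
        } catch (GeneralSecurityException e) {
            // Keep the cause so the failing algorithm or keystore shows up in the stack trace.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Wraps the relaxed TLS context in a socket factory for HttpClient.
     *
     * <p>NOTE(review): this one-argument constructor does not pass a hostname
     * verifier, so the library default should still apply — verify for the
     * HttpClient version in use.
     *
     * @return a socket factory backed by {@link #createEasySSLContext()}
     * @throws IOException if the TLS context cannot be created
     */
    public static SSLConnectionSocketFactory createSSLSocketFactory() throws IOException {
        return new SSLConnectionSocketFactory(createEasySSLContext());
    }

    /**
     * Builds an HttpClient that uses the relaxed socket factory for HTTPS.
     *
     * @return a client that accepts single-certificate chains without issuer validation
     * @throws IOException if the TLS context cannot be created
     */
    public static HttpClient createHttpClient() throws IOException {
        return HttpClients.custom().setSSLSocketFactory(createSSLSocketFactory()).build();
    }

    /**
     * Trust manager that delegates to the platform's X.509 trust manager except
     * for server chains holding exactly one certificate, which are accepted
     * after a validity-period check only.
     */
    private static class EasyX509TrustManager implements X509TrustManager {

        /** Platform trust manager used for every check this class does not relax. */
        private final X509TrustManager standardTrustManager;

        /**
         * @param keystore trust anchors for the delegate; {@code null} selects the
         *     platform default trust store
         * @throws NoSuchAlgorithmException if no X.509 trust manager is available
         * @throws KeyStoreException if the factory cannot be initialised from the keystore
         */
        public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keystore);
            X509TrustManager found = null;
            // Pick the first X.509-capable manager instead of casting element 0 blindly.
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    found = (X509TrustManager) candidate;
                    break;
                }
            }
            if (found == null) {
                throw new NoSuchAlgorithmException("No trust manager found");
            }
            this.standardTrustManager = found;
        }

        /** Client certificates are always validated by the standard trust manager. */
        @Override
        public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
            standardTrustManager.checkClientTrusted(certificates, authType);
        }

        /**
         * Validates the server chain, relaxing the check for single-certificate chains.
         *
         * @throws CertificateException if a lone certificate is expired or not yet
         *     valid, or if the standard trust manager rejects a longer chain
         */
        @Override
        public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
            if (certificates != null && certificates.length == 1) {
                // SECURITY: only the validity dates are checked on this path. The issuer,
                // signature and trust anchor are NOT verified, so any unexpired
                // single certificate is trusted. Test and development use only.
                certificates[0].checkValidity();
            } else {
                standardTrustManager.checkServerTrusted(certificates, authType);
            }
        }

        /** Returns the issuers accepted by the standard trust manager. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.standardTrustManager.getAcceptedIssuers();
        }
    }
}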

You can then use this custom HttpClient to make HTTPS requests as follows:

import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;

/** Minimal demo that issues one HTTPS GET through the relaxed-trust client. */
public class Main {

    /**
     * Sends a single GET to {@code https://example.com} using the client built by
     * {@code SSLUtils.createHttpClient()}.
     *
     * <p>That client accepts single-certificate server chains without issuer
     * validation, so this is suitable for test and development endpoints only.
     *
     * @param args unused
     * @throws Exception if the client cannot be built or the request fails
     */
    public static void main(String[] args) throws Exception {
        // Client with the relaxed trust manager installed.
        final HttpClient relaxedClient = SSLUtils.createHttpClient();
        final HttpGet get = new HttpGet("https://example.com");
        // NOTE(review): the response is neither read nor closed here, and the
        // client is not closed either — acceptable in a demo, not in real code.
        relaxedClient.execute(get);
    }
}

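Note that bypassing SSL certificate errors is a security risk: without validation the client cannot tell the real server from an impostor, so traffic can be intercepted or altered in transit. It should only be done in limited situations, such as testing or working with self-signed certificates in development environments, and the relaxed client should be kept out of production code. Ultimately, it is recommended to configure SSL certificates properly on your server (or, for a self-signed certificate, to add that specific certificate to the client's trust store) rather than bypassing validation.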