Comments on: Disable Certificate Validation in Java SSL Connections http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/?utm_source=rss&utm_medium=rss&utm_campaign=disable-certificate-validation-in-java-ssl-connections Thoughts on Software Engineering Fri, 03 Feb 2012 18:06:16 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Ciekawostki różne « Wiadomości o technologiach IThttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-2042 Ciekawostki różne « Wiadomości o technologiach IT Fri, 27 Jan 2012 14:42:16 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-2042 [...] przejść do strony z wątpliwym (niezaufanym) certyfikatem SSL – http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/ – w [...] [...] przejść do strony z wątpliwym (niezaufanym) certyfikatem SSL – http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/ – w [...]

]]> By: Mikkel Flindt Heisterberghttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1922 Mikkel Flindt Heisterberg Tue, 10 Jan 2012 16:08:18 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1922 Sweet - just what I needed - thank you. Only thing I needed to add was a permission in my java.policy file like so: permission javax.net.ssl.SSLPermission "setHostnameVerifier"; Sweet – just what I needed – thank you. Only thing I needed to add was a permission in my java.policy file like so:
permission javax.net.ssl.SSLPermission “setHostnameVerifier”;

]]> By: How to read the file size of a document served at an HTTP/S URL using Java « Talking with a Lisphttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1802 How to read the file size of a document served at an HTTP/S URL using Java « Talking with a Lisp Sun, 04 Dec 2011 17:04:44 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1802 [...] I actually disabled the HTTPS certificate check by using the method described in this nifty blog: http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/. In actual production use, however, HTTPS URLs are handled by using the actual certificates [...] [...] I actually disabled the HTTPS certificate check by using the method described in this nifty blog: http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/. In actual production use, however, HTTPS URLs are handled by using the actual certificates [...]

]]> By: Madhuhttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1378 Madhu Thu, 27 Oct 2011 16:32:13 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1378 This is very helpful, it worked perfectly. The one change I did was making these two calls on the connection instance (instead of static calls)httpsConnection.setSSLSocketFactory(sc.getSocketFactory()); httpsConnection.setHostnameVerifier(allHostsValid); This is very helpful, it worked perfectly. The one change I did was making these two calls on the connection instance (instead of static calls)

httpsConnection.setSSLSocketFactory(sc.getSocketFactory());
httpsConnection.setHostnameVerifier(allHostsValid);

]]> By: How to make Apache Commons HttpClient 3.1 ignore HTTPS certificate invalidity? | Gravity Layoutshttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1238 How to make Apache Commons HttpClient 3.1 ignore HTTPS certificate invalidity? | Gravity Layouts Fri, 07 Oct 2011 08:50:58 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1238 [...] to a HTTPS server from Java and ignore the validity of the security certificate as well as Disable Certificate Validation in Java SSL Connections, but the accepted answer to the first is for HttpClient 4.0 (unfortunately I cannot upgrade, unless [...] [...] to a HTTPS server from Java and ignore the validity of the security certificate as well as Disable Certificate Validation in Java SSL Connections, but the accepted answer to the first is for HttpClient 4.0 (unfortunately I cannot upgrade, unless [...]

]]> By: kazhttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1149 kaz Thu, 15 Sep 2011 18:05:28 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1149 It works ... I found the issue I was having ... it was in an old script that was being used to run the client. ;-) it was setting the command line parameter: -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol ... which apparently did not recognize my hostname verifier. Thx for the response.JFYI ... all that is needed when using JAX-WS is:HttpsURLConnection.setDefaultHostnameVerifier( new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { log.debug( "Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost() ); return true; } } ); It works … I found the issue I was having … it was in an old script that was being used to run the client. ;-) it was setting the command line parameter: -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol … which apparently did not recognize my hostname verifier. Thx for the response.

JFYI … all that is needed when using JAX-WS is:

HttpsURLConnection.setDefaultHostnameVerifier( new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
log.debug( “Warning: URL Host: ” + urlHostName + ” vs. ” + session.getPeerHost() );
return true;
}
} );

]]> By: nakovhttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1148 nakov Thu, 15 Sep 2011 11:17:09 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1148 I have no idea. It worked at the time it was written. Now we have newer Java versions that could possibly work differently. I have no idea. It worked at the time it was written. Now we have newer Java versions that could possibly work differently.

]]> By: kazhttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1147 kaz Thu, 15 Sep 2011 03:45:37 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-1147 Is this supposed to work when running the client from the command line? I have implemented this but I am still receiving the same error. You have any idea what may be happening? Is this supposed to work when running the client from the command line? I have implemented this but I am still receiving the same error. You have any idea what may be happening?

]]> By: nakovhttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-694 nakov Sun, 30 Jan 2011 15:53:40 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-694 I don't know. You could test it in Java ME environment, of course. I don’t know. You could test it in Java ME environment, of course.

]]> By: Amerhttp://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-693 Amer Fri, 28 Jan 2011 23:27:53 +0000 http://url/2009/07/16/disable-certificate-validation-in-java-ssl-connections/#comment-693 Can this code be used in j2me?Thanks Can this code be used in j2me?

Thanks

]]>