Any Apache HttpClient 4.4 Example for trust self signed certificates

Solution 1

Thanks for reply, I found a sample code as below

SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(null,
        new TrustSelfSignedStrategy()).build();

// Allow TLSv1 protocol only, use NoopHostnameVerifier to trust self-singed cert
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
        new String[] { "TLSv1" }, null, new NoopHostnameVerifier());

//do not set connection manager
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();

HttpPost httpPost = new HttpPost(url);

RequestConfig defaultRequestConfig = RequestConfig
        .custom()
        .setCookieSpec(CookieSpecs.DEFAULT)
        .setExpectContinueEnabled(true)
        .setTargetPreferredAuthSchemes(
                Arrays.asList(AuthSchemes.NTLM, AuthSchemes.DIGEST))
        .setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC)).build();
RequestConfig requestConfig = RequestConfig.copy(defaultRequestConfig)
        .setSocketTimeout(TIME_OUT).setConnectTimeout(TIME_OUT)
        .setConnectionRequestTimeout(TIME_OUT).build();
httpPost.setConfig(requestConfig);

httpPost.setHeader("Content-type", "application/json");
StringEntity mEntity = new StringEntity(arg, "UTF-8");
mEntity.setContentType("application/json;charset=UTF-8");
mEntity.setContentEncoding(new BasicHeader(HTTP.CONTENT_TYPE,
        "application/json;charset=UTF-8"));
httpPost.setEntity(mEntity);

response = httpclient.execute(httpPost);

Solution 2

I could successfully disable the certificate verification (remember, it's insecure), by using the Alin's answer, but I had to modify his code this way:

SSLContext sslcontext = 
SSLContexts
.custom ()
.loadTrustMaterial ( 
    null, 
    new TrustStrategy ()
    {
        public boolean isTrusted ( X509Certificate[] chain, String authType ) throws CertificateException {
            return true;
        }
    })
.build();

SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory ( 
    sslcontext, null, null, new NoopHostnameVerifier () 
);

HttpClient httpClient = HttpClients
    .custom()
    .setSSLSocketFactory ( sslsf )
    .build();

... 

As you can see, I use the most liberal TrustStrategy possible, because TrustSelfSignedStrategy was giving me "unable to find valid certification path to requested target". Moreover, it seems I don't need to pass new String[] { "TLSv1" } to SSLConnectionSocketFactory, null should be interpreted as "all protocols".

This is now available here, which you can link from Maven, through the repo reported here.

Solution 3

i work with httpclient 4.5.2, you can use following code to bypass certificate verification, hope this helps

CloseableHttpClient client = HttpClients.custom()
      .setSSLContext(sslContext)
      .setSSLHostnameVerifier(new NoopHostnameVerifier())
      .build();

HttpPost post = new HttpPost(url);
//set post headers and params 
post.setHeader(....);
HttpResponse response = client.execute(post);

   ....
        SSLContext sslContext = SSLContexts.custom()         
        .loadTrustMaterial((KeyStore)null, new TrustSelfSignedStrategy()) 
               //I had a trust store of my own, and this might not work!
        .build();

        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            sslcontext,
            SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        CloseableHttpClient httpclient = HttpClients
            .custom()
            .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
            .setSSLSocketFactory(sslsf).build();
        CloseableHttpResponse response = httpclient.execute(httpUriRequest);
        try {
            HttpEntity entity = response.getEntity();
            //do things
            if(entity != null) {
                entity.consumeContent();
            }
        } finally {
            response.close();
        }
   ....

Author by

Admin

Updated on June 05, 2022