Connection timeouts to HTTPS URLs
Connection timeouts have nothing whatsoever to do with SSL certificates.
More likely you don't have the same HTTP Proxy settings as the browser. You need to set the system properties http.proxyHost
and http.proxyPort
to the same values used by the browser. If the HTTPS proxy settings are different from the HTTP proxy settings, set https.proxyHost
and https.proxyPort
accordingly.
EDIT For completeness: A lot of old sources erroneously mention a proxySet
property. There is not and has never been such a property in the JDK. It was in the short-lived and long-defunct HotJava Bean of 1997. Similarly http.proxySet
doesn't exist either. Proof: try setting them to false
in circumstances where they should be true,
and watch your program keep working.
Jordan
Updated on June 06, 2022Comments
-
Jordan almost 2 years
I'm needing to ignore all SSL certificates in Java, but I can't for the life of me get it to work. I've looked through the following pages listed below already, but nothing seems to work on every https link.
stackoverflow.com/questions/19517538/ignoring-ssl-certificate-in-apache-httpclient-4-3 stackoverflow.com/questions/13470998/ignoring-ssl-validation-in-java stackoverflow.com/questions/12060250/ignore-ssl-certificate-errors-with-java stackoverflow.com/questions/2694281/ignore-certificate-errors-when-requesting-a-url-in-java stackoverflow.com/questions/6681969/java-ignore-certificate-validation www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/ code.google.com/p/misc-utils/wiki/JavaHttpsUrl www.exampledepot.8waytrips.com/egs/javax.net.ssl/TrustAll.html www.obsidianscheduler.com/blog/ignoring-self-signed-certificates-in-java/ java.dzone.com/articles/how-ignore-cert-and-host-name gist.github.com/henrik242/1510165
I have a good reason for needing to do this so don't worry, but I really need to be able to do it. Basically, I'm needing to go through a list of internal https links and check to make sure that they are all still valid and aren't broken links. Some links works fine since the Java code ignores the certificate and can get an HTTP response header back, but others just timeout even though they work fine in my web browser. All of these links are internal company links.
I've tried using HttpsURLConnection as well as HttpGet and HttpClient. Could there be something else that I'm not thinking of, or something unrelated to Java that could be causing the pages to timeout? I just want to make sure the URL of the link exists. Here are the exceptions I am getting.
With HttpGet/SSLContextBuilder/PoolingHttpClientConnectionManager:
org.apache.http.conn.HttpHostConnectException: Connect to -removed- [-removed-] failed: Connection timed out: connect
With HttpsUrlConnection using X509TrustManager:
java.net.ConnectException: Connection timed out: connect
Specifically, I've tried the following and many variations of it based on the links posted above:
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) {} public void checkServerTrusted(X509Certificate[] chain, String authType) {} public X509Certificate[] getAcceptedIssuers() { return null; } } }; // Install the all-trusting trust manager javax.net.ssl.SSLContext sc = null; try { sc = javax.net.ssl.SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new SecureRandom()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); }
I've also tried this as well as several variations: https://stackoverflow.com/a/19950935/1727920
-
Jordan over 10 yearsThank you so much, that's exactly what it was: https proxy. The sites that were timing out looked like internal URLs, but they were on an external cloud server. I had the http proxy set, but not the https. I would up vote you, but I don't have enough reputation points...
-
Bruno over 10 years@Triad, even if you can't up-vote now, you can always accept the answer (the tick next to the answer's score).
-
Jordan over 10 years@Bruno Thanks, went ahead and checked it.