How to disable certificate validation in java

14,474

Solution 1

The "fix" and the exception appear unrelated: The fix disables verification of the server's certificate by the client while the exception indicates that the server deemed the client not authorized to access that URL.

Solution 2

This won't fix the problem. The 401 was transmitted over HTTPS and SSL, so the certificates are working perfectly.

In any case I strongly recommend you don't do this. You don't want different code executing in test and production. There is a strong risk the test code will leak into production and compromise security. And there is no point in testing insecure code.

Solution 3

Don't bother disabling it in your code; you can just add the certificate to your testing machine's truststore and be 100% sure you don't ship a build with the check disabled.

Solution 4

As mentioned by others, the error 401 means that you really established the SSL connection, sent your request and were served back this 401 error. So your SSL code is fine.

When you open this page in the browser, are you getting a username/password prompt? Maybe auto-login? If this is the case, I would say that your code is missing this basic authentication or similar.

Author by

Jury A

Updated on June 05, 2022

Comments

  • Jury A
    Jury A almost 2 years

    I need to disable Java certificate validation for testing only. So I understand the risk. I used the following tutorial: http://www.rgagnon.com/javadetails/java-fix-certificate-problem-in-HTTPS.html

    So the code is:

    import java.io.InputStreamReader;
    import java.io.Reader;
    import java.net.URL;
    import java.net.URLConnection;
    
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.X509Certificate;
    
    public class Cert {
      public static void main(String[] args) throws Exception {
        /*
         *  fix for
         *    Exception in thread "main" javax.net.ssl.SSLHandshakeException:
         *       sun.security.validator.ValidatorException:
         *           PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
         *               unable to find valid certification path to requested target
         */
        TrustManager[] trustAllCerts = new TrustManager[] {
           new X509TrustManager() {
              public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
              }
    
              public void checkClientTrusted(X509Certificate[] certs, String authType) {  }
    
              public void checkServerTrusted(X509Certificate[] certs, String authType) {  }
    
           }
        };
    
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    
        // Create all-trusting host name verifier
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
              return true;
            }
        };
        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        /*
         * end of the fix
         */
    
        URL url = new URL("https://www.nakov.com:2083/");
        URLConnection con = url.openConnection();
        Reader reader = new InputStreamReader(con.getInputStream());
        while (true) {
          int ch = reader.read();
          if (ch==-1) {
            break;
          }
          System.out.print((char)ch);
        }
      }
    }
    

    I still get the following error. Can anybody help?

    Exception in thread "main" java.io.IOException: Server returned HTTP response code: 401 for URL: https://www.nakov.com:2083/
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1615)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
        at MainProject.Cert.main(Cert.java:56)