Java Client Handling Self-Signed SSL Certificates
When a Java client encounters an SSL connection to a server with a self-signed certificate, it may fail with an error like:
sun.security.validator.ValidatorException: PKIX path building failed
Option 1: Adding to Truststore
To establish trust, add the self-signed certificate to the JVM truststore:
<JAVA_HOME>/bin/keytool -import -v -trustcacerts \ -alias server-alias -file server.cer \ -keystore cacerts.jks -keypass changeit \ -storepass changeit
Option 2: Disabling Certificate Validation (Not Recommended)
Disable certificate validation with the following code:
// Trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
@Override
public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
};
// Install trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());However, disabling certificate validation is not recommended as it leaves the client vulnerable to man-in-the-middle attacks.
The above is the detailed content of How Can a Java Client Handle Self-Signed SSL Certificates?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
