2

In local development, where I have an API server running at https://localhost:8443 that uses a self signed certificate, I am (expectedly) greeted with the following error when trying to connect to it from my other grails app that uses RestClientBuilder (http://grails.org/plugin/rest-client-builder)

Message: unable to find valid certification path to requested target

I couldn't find any way of configuring RestClientBuilder to accept non trusted certificates. Note it is not an option for me to connect to the local server with plain http.

I will accept an answer that lets me configure my entire grails app (not just RestClientBuilder) to allow https connections to self signed certs only when running in development

Peter
  • 29,498
  • 21
  • 89
  • 122
  • Have you tried importing the certificate into your keystore for your local/dev machine? See the second answer: http://stackoverflow.com/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection ... The issue is you can't configure RestClientBuilder to use a different SSLFactory. – Joshua Moore Aug 26 '14 at 23:52
  • Every time the server fires up, it generates the self signed certificate on the fly (it is itself another grails app running in development mode), so it doesn't seem like that would work in this case as the cert would be different each time we restarted the server – Peter Aug 27 '14 at 00:04
  • Ah, I wasn't aware that it was also a Grails app running in development mode. I'm not sure what else to suggest then. Good question. – Joshua Moore Aug 27 '14 at 00:26
  • Seems to be related: [Where does grails store a self-generated SSL certificate?](https://stackoverflow.com/questions/16615974/where-does-grails-store-a-self-generated-ssl-certificate). – jww Aug 27 '14 at 02:54
  • *"Every time the server fires up, it generates the self signed certificate on the fly"* - that's OK, as long as the same public key is used. But it should not generate a new public key because that breaks key continuity schemes like pinning. The clients should use the public key to verify the host (like SSH). Then, the X509 certificate housing the public key just becomes a policy (like the public key is meant for `digitalSignatures` and `serverAuthentication`) with miscellaneous information (like company name and address). – jww Aug 27 '14 at 02:57
  • Please view my other answer https://stackoverflow.com/questions/23226817/grails-restclientbuilder/51277880#51277880 I'm disabling it for integration testing – Vadim Jul 11 '18 at 05:44

0 Answers0