how to bypass SSL authentication URL connection wise in java?

Question

I am creating a java application where I need to bypass SSL authentication for some URL connection, not for all URL connection. Currently I am using the following code:

TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted (
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted (
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 
} catch (Exception e) {
}

In this code all URL connection skipping SSL authentication, until the application get restarted.

Is there any way so that we can skip SSL authentication check only for some URL connection, not for all URL connection?

there was problem in my certificate in server side, so I want to bypass SSL authentication for temporary time of period. — Rocky, Jun 05 '15 at 17:23

score 1 · Answer 1 · edited May 23 '17 at 11:51

1

Instead of using HttpsURLConnection.setDefaultSSLSocketFactory globally on the class, cast your URLConnection instance into an HttpsURLConnection instance and use setSSLSocketFactory(...).

Instead of bypassing all verification, it's better to use a specific truststore for these connections too, if you can, as described in this answer.

edited May 23 '17 at 11:51

Community

1
1

answered May 31 '15 at 18:40

Bruno

119,590
31
270
376

how to bypass SSL authentication URL connection wise in java?

1 Answers1