3

I am using HTTPRequest node to make requests using TLS. Is there a way to skip certificate validation (checking the certificate chain, the expiration date) with standard IIB settings? I know this is risky.

gisly
  • 673
  • 1
  • 8
  • 30

2 Answers2

4

In order to do this kind of things, there is a lot of workaround, but they are not that easy and quite horrible. I would suggest you to use a JavaCompute Node, using unix curl/wget commands for example (if running on Unix), or any other solution that is working on Java.

But I can confirm, you cannot use the default IIB nodes (like HTTPRequest) for this purpose.

jdel
  • 546
  • 2
  • 14
2

According to this, you have to handle the exception yourself because IBM will not provide you a flag since it is a major security risk.

SunScorpio19
  • 29
  • 6
OneZeroOne
  • 157
  • 1
  • 10
  • thanks, still, if I handle the exception, I won't be able to make the request, which was my goal. However, in this case we chose not to skip the validation as it is risky – gisly Mar 16 '18 at 08:41