2

I am trying to connect to a local cosmosdb runing the cosmosdb emulator in a windows VM. I have successfully created the port forwarding and can call it from my nodejs script. However I need to get this working with java and there are no docs on this website for this local cosmos instructions. I have seen java examples that show how to programatically ignore TLS/SSL validation however I would prefer JVM or property file option. The reason for this is that I only want this to occur locally for developers and not at all be in dev or prod. This is the error that I am getting:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there a way to add a property to property file or JVM option to turn off SSL/TLS validation? If so what is it? Other options aside from programmatic would be appreciated. Thanks.

slipperypete
  • 5,358
  • 17
  • 59
  • 99
  • Does this answer your question? https://stackoverflow.com/questions/4663147/is-there-a-java-setting-for-disabling-certificate-validation – DelfikPro Oct 07 '20 at 22:46
  • I saw that, but couldnt get it to work. I noticed folks with java8 couldnt get that to work. im on java11. I thought maybe there might be a more updated answer. – slipperypete Oct 07 '20 at 22:50

1 Answers1

0

I'm afraid isn't possible by adding some JVM property. If you don't want to configure it programmatically you need to add the root CosmosDB certificate to your JVM truststore on your dev server.

Andrei Kovrov
  • 2,087
  • 1
  • 18
  • 28
  • Ok. I thought I would be able to pass an option such as java -jar myjar.jar. Are you saying that is not possible? You can do it with nodejs so it seems like you should be able to do it with java. With node you do: NODE_TLS_REJECT_UNAUTHORIZED=0 node app.js .. Is this a capability node has but java does not? Thanks. – slipperypete Oct 07 '20 at 23:31
  • As far as I know, there's no flag/parameter to skip it. But maybe I'm wrong. Here's some [question](https://stackoverflow.com/questions/55338417/enable-ssl-certificate-revocation-checking-in-openjdk-11) about revocation certificates which may be useful for you – Andrei Kovrov Oct 07 '20 at 23:49