Too late but here you have my solution. With this class you can turn off all ssl verifications in your project.
import org.springframework.stereotype.Component;
import lombok.extern.slf4j.Slf4j;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
@Slf4j
@Component
public class SslWarningRemover {
public SslWarningRemover() {
log.info("Disabling SSL warning...");
try {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
log.info("SSL verification disabled");
} catch (Exception e) {
log.error("Error while trying to disable SSL verification: " + e.getMessage(), e);
}
log.info("SSL warning process remover has finished!");
}
}
If you want to disable the SSL verification in a single RestTemplate, try this:
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class CustomClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
private static final HostnameVerifier PROMISCUOUS_VERIFIER = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
private static final TrustManager[] ALL_CERT_TRUST_MANAGER = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
private static SSLContext ALL_CERT_TRUST_SSLCONTEXT = null;
static {
try {
ALL_CERT_TRUST_SSLCONTEXT = SSLContext.getInstance("SSL");
ALL_CERT_TRUST_SSLCONTEXT.init(null, ALL_CERT_TRUST_MANAGER, new SecureRandom());
} catch (Exception e) {
log.error("Error disabling SSL verification");
log.error(e.getMessage(), e);
}
}
private boolean disableSslVerification = false;
public CustomClientHttpRequestFactory(int connectTimeout, int readTimeout, boolean disableSslVerification) {
this.setConnectTimeout(connectTimeout);
this.setReadTimeout(readTimeout);
this.disableSslVerification = disableSslVerification;
}
@Override
protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
if (disableSslVerification && ALL_CERT_TRUST_SSLCONTEXT != null && connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setHostnameVerifier(PROMISCUOUS_VERIFIER);
((HttpsURLConnection) connection).setSSLSocketFactory(ALL_CERT_TRUST_SSLCONTEXT.getSocketFactory());
}
super.prepareConnection(connection, httpMethod);
}
}
Then, when you instance a RestTemplate object, use this:
RestTemplate restTemplate = new RestTemplate(new CustomClientHttpRequestFactory(connectTimeout, readTimeout, disableSslVerification));
with disableSslVerification parameter as true.