How to disable certificate validation in JAX-WS Client?

Question Asker · Sep 18, 2012 · Viewed 30.2k times

How do you disable certificate validation in JAX-WS client using javax.xml.ws.Service?

I tried creating an all-trusting TrustManager in the SSLSocketFactory and tried to bind it with BindingProvider:

SSLContext sc = SSLContext.getInstance("SSL"); 
sc.init(null, trustAllCerts, new java.security.SecureRandom()); 

Map<String, Object> ctxt = ((BindingProvider) wsport).getRequestContext();
ctxt.put(JAXWSProperties.SSL_SOCKET_FACTORY, sc.getSocketFactory()); 

but I am still getting the exception: unable to find valid certification path to requested target

But it works when I just use

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 

Or is there a way to make javax.xml.ws.Service use the HttpsURLConnection that I created?

Answer

Jose Renato · Jan 28, 2013

I found a solution here: http://schrepfler.blogspot.com.br/2009/06/relaxing-ssl-validation-for-jaxws.html

I'm using that solution, calling the two static methods in a static block in the main class, like this:

static {
    SSLUtilities.trustAllHostnames();
    SSLUtilities.trustAllHttpsCertificates();
}

Hope this helps

EDIT: As David J. Liszewski pointed out, this breaks SSL/TLS for all connections from this JVM. So, keep that in mind.
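A narrower alternative to the JVM-wide change noted in the EDIT, as an added example that is not part of the original question or answer: trust only the service's own certificate, and only for one JAX-WS port. The class name, the certificate file argument and the use of both property keys are assumptions; which key is honoured depends on whether the JAX-WS RI or the JDK-bundled implementation is on the classpath.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): pin one service certificate for one JAX-WS port. */
public final class ScopedTrust {
    // Request-context keys for the standalone JAX-WS RI and the JDK-internal copy.
    // Assumption: setting both covers either runtime; an unused key is ignored.
    static final String RI_KEY  = "com.sun.xml.ws.transport.https.client.SSLSocketFactory";
    static final String JDK_KEY = "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory";

    /** Builds a socket factory that trusts only the certificate(s) read from the stream (PEM or DER). */
    static SSLSocketFactory factoryTrusting(InputStream certStream) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store: the default CA bundle is not included
        int i = 0;
        for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(certStream)) {
            ks.setCertificateEntry("service-" + i++, c);
        }
        if (i == 0) throw new IllegalArgumentException("no certificate found in input");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // chain validation stays enabled
        return ctx.getSocketFactory();
    }

    /** Applies the factory to a single port's request context; JVM-wide defaults stay untouched. */
    static void apply(Map<String, Object> requestContext, SSLSocketFactory factory) {
        requestContext.put(RI_KEY, factory);
        requestContext.put(JDK_KEY, factory);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the service's certificate file (hypothetical, e.g. service-cert.pem)
        try (InputStream in = new FileInputStream(args[0])) {
            Map<String, Object> ctx = new HashMap<>(); // stands in for ((BindingProvider) wsport).getRequestContext()
            apply(ctx, factoryTrusting(in));
            System.out.println("configured keys: " + ctx.keySet());
        }
    }
}
```

In a real client, pass `((BindingProvider) wsport).getRequestContext()` to `apply`. The default hostname verifier is left in place, so the certificate must still match the endpoint's host name.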