Disabling Java Certificate Validation

Let’s see in this post how to disable the Java certificate validation for secure connections.

Before we start, I really recommend that you don’t do this when you intend to connect to somewhere outside of your DMZ. Disabling the trust manager defeats some parts of SSL and makes you vulnerable to man-in-the-middle attacks. But wait, in this case, maybe even inside the DMZ… who knows 😀

Anyway, recently I had to authenticate to an internal MongoDB using SSL and I got some issues. Since it was for a small internal application, the choice was just to disable the certificate validation.

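```java
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Installs a trust-all SSLContext as the JVM-wide default: every TLS
// connection made afterwards through the default context skips validation.
private void disableCertificateValidations() {
   try {
      final SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(null, new TrustManager[]{
            new X509TrustManager() {
               // Empty body: any client certificate chain is accepted.
               public void checkClientTrusted(final X509Certificate[] x509Certificates, final String s) throws CertificateException {
               }

               // Empty body: any server certificate chain is accepted.
               public void checkServerTrusted(final X509Certificate[] x509Certificates, final String s) throws CertificateException {
               }

               public X509Certificate[] getAcceptedIssuers() {
                  return new X509Certificate[0];
               }
            }
      }, new SecureRandom());

      // Replaces the default context for the whole JVM, not just one connection.
      SSLContext.setDefault(sslContext);
   } catch (Exception e) {
      // LOGGER is the enclosing class's logger.
      LOGGER.error(e.getMessage());
   }
}
```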

This small snippet, if used in the wrong way, has the potential to put you in danger. Be careful 🙂

Allan de Queiroz

London based software engineer
