Reputation: 25
Java - is it possible to verify a particular "hardcoded" self-signed certificate by fingerprint, and ignore hostname matches?
This is a continuation of this question (decided to make it separate just in case someone in the future will be looking into similar problem)
Basically, the set up is applet and servlet communicating.
Servlet's cert is self-signed and hardcoded into the applet.
Now, let's say I go the "make truststore in memory, import the hardcoded cert into it" route.
problem: servlet's IP/hostname are subject to change without warning
How would one go about making it so that the applet doesn't verify hostname for this particular cert, but still checks other things, such as fingerprint and such?
Additional considerations:
I'd rather avoid having my applet loose the ability to verify hostnames for other certificates.
I'd also like to avoid any browser popups and pleads for user input when dealing with the "hardcoded" cert (We put it there ourselves, of course we trust it ^_^)
Thank you very much for your kind help.
Upvotes: 1
Views: 680
Answers (1)
Reputation: 310883
Hostname checking only happens over HTTPS. If you're using SSL directly, you don't have the problem.
Upvotes: 1
Related Questions
- Java SSL: how to disable hostname verification
- How to programmatically disable certificate hostname verification in Java LDAP JNDI LDAP API?
- Disable Host name verification in Solr SSL setup using self-signed certificate
- Certificate hostname verification in java - subject alternative names
- Skip only hostname verification with Apache HttpClient
- Hostnameverifier implementation
- Ignoring hostname verification in Android SSL Sockets without HttpsUrlConnection
- Trust not trusted certificates and skip hostname verification
- get list of all hostnames matching certificate
- SSL Certificate without host name in it