sriram

Reputation: 9042

Check whether the certificate is valid or not

I have Java code like this:

        URL url = new URL(endPoint);
        String encoding = Base64.encodeBase64String(this.key.getBytes());

        connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        connection.setDoOutput(true);

which is opening an SSL connection. Let's say the endPoint uses a self-signed certificate and acts as the original website. Is it possible to prevent this sort of thing in the Java code?

Thanks in advance.

Upvotes: 0

Views: 330

Answers (1)

jarnbjo

Reputation: 34323

By default, the SSL implementation in Java checks against a list of trusted certification authorities, which is included in the Java VM. Unless you extend the default trust store, specify a different trust store at run time or provide your own implementation of a TrustManager and/or HostnameVerifier, you will not be able to make an SSL connection to a server with a self-signed certificate.

If you for some reason need access to the server certificates after you have established the connection, you can get these from an HttpsURLConnection like this:

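    import java.net.URL;
    import java.security.cert.Certificate;
    import javax.net.ssl.HttpsURLConnection;

    URL url = new URL("https://www.google.com");
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    // connect() performs the TLS handshake; the chain is available afterwards
    conn.connect();

    for (Certificate crt : conn.getServerCertificates()) {
        System.out.println(crt);
    }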

Upvotes: 2
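
An added example (not code from either poster): a fail-closed check that relies on the default JVM trust validation described in the answer and also refuses non-HTTPS endpoints, since the cast to `HttpURLConnection` in the question accepts plain `http://` URLs as well. The names `EndpointTrustCheck`, `Result` and `check` are hypothetical.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;

public class EndpointTrustCheck {
    enum Result { TRUSTED, NOT_HTTPS, TLS_REJECTED }

    // Uses the JVM's default TrustManager and HostnameVerifier (nothing is
    // overridden), so a self-signed or otherwise untrusted chain, or a
    // certificate issued for a different host, fails the handshake.
    static Result check(String endPoint) throws IOException {
        URL url = new URL(endPoint);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            return Result.NOT_HTTPS;        // plain HTTP: no certificate to check
        }
        URLConnection raw = url.openConnection();
        if (!(raw instanceof HttpsURLConnection)) {
            return Result.NOT_HTTPS;
        }
        HttpsURLConnection conn = (HttpsURLConnection) raw;
        try {
            conn.connect();                 // TLS handshake and validation happen here
            for (Certificate crt : conn.getServerCertificates()) {
                if (crt instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) crt;
                    System.out.println("subject=" + x.getSubjectX500Principal()
                            + " issuer=" + x.getIssuerX500Principal());
                }
            }
            return Result.TRUSTED;
        } catch (SSLException e) {
            System.err.println("TLS validation failed: " + e.getMessage());
            return Result.TLS_REJECTED;     // fail closed: send nothing to this endpoint
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Default endpoint is the one used in the answer; pass another as args[0].
        String endPoint = args.length > 0 ? args[0] : "https://www.google.com";
        System.out.println(endPoint + " -> " + check(endPoint));
    }
}
```

Only send the request body or credentials after `check` returns `TRUSTED`; a `TLS_REJECTED` result against an endpoint that normally validates is worth logging and investigating.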
