-
July 12th, 2010, 03:25 AM
#1
https connection how to ignore certificate
Hi,
I have
Code:
System.setProperty("javax.net.ssl.trustStore", location);
System.setProperty("javax.net.ssl.trustStorePassword", password);
//... some more code here
String Url = "https://server/path";
HttpURLConnection MySession = (HttpURLConnection)new URL(Url).openConnection();
//... some more code here
Via the MySession object I can communictate with the server. This all works fine. The problem is that the server uses a certificate signed by an unknown CA. In my code I can work around this problem via the setProperty commands and an own keystore I have created in 'location'.
The problem is of course that I cannot ask every user to create a personal keystore. The network communication is always to this server, so it is not the user who chooses a server it is a hardcoded server. The end user should not worry if the certificate is validated or not. I know some people would argue that this is a security issue, but at the end they are trusting my application as well. Please try avoiding discussing this aspect ;-)
The question is now how can I communicate with the server without these issues?
Can I somehow tell the coding to ignore certificate issues?
Can I somehow import the root certificate into my application that the user doesn't have to deal with it?
Thanks.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|