Java HttpClient – Accept all SSL Certificates

Sometimes we need to consume HTTPS endpoints that do not have valid certificates. 

We can do that by configuring the Java HttpClient to accept all SSL certificates, even from an untrusted Certificate Authority.

Here you will see how to communicate with HTTPS endpoint that may not have a valid SSL certificate. In the following example, we will use the Apache HttpClient.

First, we need to add Maven dependency:

<dependency>
    <groupid>org.apache.httpcomponents</groupid>
    <artifactid>httpclient</artifactid>
    <version>4.5.13</version>
</dependency>


Find other versions here → Apache HTTP Client.

If you are not using Maven, you can download JAR from the location above and put it into your project.

Configure Java HttpClient to accept all SSL certificates

Below is an example of configuring the HttpClient to allow invalid SSL certificates.

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

public class Test {

  public static void main(String[] args) {

    HttpClient httpClient = HttpClients
            .custom()
            .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, TrustAllStrategy.INSTANCE).build())
            .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
            .build();

    // Use the httpClient instance to execute a request...
  }
}

With this config, we can avoid SSL certificate errors like SSLPeerUnverifiedException that we usually get when we try to consume an HTTPS URL that does not have a valid certificate.

I hope this tutorial was of some help to you. If you work with HttpClient then you might also be interested in learning how to use HttpClient to upload a file to the server

Happy learning!

Leave a Reply

Your email address will not be published. Required fields are marked *