Disable SSL certificate validation in Spring RestTemplate

Amit Kumar ・2 min read

We often run into certificate issues while using RestTemplate.

RestTemplate can throw any of the errors below if the SSL certificate of the target host is not valid:

  • PKIX path building failed: sun.security.provider.certpath

  • PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    javax.net.ssl.SSLHandshakeException: PKIX path building failed

An SSL certificate can be invalid for many reasons, including:

  1. Expired certificate
  2. Self-signed certificate
  3. Wrong host information in certificates
  4. Revoked certificate
  5. Untrusted root of certificate

How do we deal with it in production and non-production environments?

In a production environment, we usually add the required certificates to our application key-store, which allows us to make the HTTPS request successfully.

In non-production environments, while developing an application, we often need to disable SSL certificate validation (self-signed, expired, non-trusted root, etc.), as we don't want to go through the hassle of generating appropriate certificates and managing the key-store for testing purposes.

So we configure RestTemplate to disable SSL validation (non-prod environments only). The Spring Boot RestTemplate then trusts all kinds of certificates, whether valid or not, and allows requests to those hosts without throwing an exception.

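import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.TrustStrategy;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public RestTemplate restTemplate()
                throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
    // Accept every certificate chain the server presents (non-production only).
    TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

    // Build an SSLContext whose trust decisions are delegated to the strategy above.
    SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
                    .loadTrustMaterial(null, acceptingTrustStrategy)
                    .build();

    // This constructor keeps HttpClient's default hostname verifier,
    // so only the chain check is bypassed here.
    SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

    CloseableHttpClient httpClient = HttpClients.custom()
                    .setSSLSocketFactory(csf)
                    .build();

    HttpComponentsClientHttpRequestFactory requestFactory =
                    new HttpComponentsClientHttpRequestFactory();

    // Route all RestTemplate calls through the permissive HTTP client.
    requestFactory.setHttpClient(httpClient);
    RestTemplate restTemplate = new RestTemplate(requestFactory);
    return restTemplate;
}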

Note: Skip SSL validation for RestTemplate in development environments only.

For production environments, we must do certificate management and SSL verification, as disabling SSL verification might lead to security risks.
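
The production approach described above, sketched as an added example that is not part of the original post: the RestTemplate trusts only the certificates held in a store file instead of accepting every chain. The class name and the two property names (client.ssl.trust-store, client.ssl.trust-store-password) are hypothetical, and the store file is assumed to be in the JVM's default key store format.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class TrustStoreRestTemplateConfig {

    // Hypothetical property names. The file should hold only the CA or
    // self-signed certificate of the host this client calls.
    @Value("${client.ssl.trust-store}")
    private String trustStorePath;

    @Value("${client.ssl.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public RestTemplate restTemplate() throws GeneralSecurityException, IOException {
        // No TrustStrategy is supplied, so a chain is accepted only when it
        // validates against an entry in this store.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(new File(trustStorePath),
                                   trustStorePassword.toCharArray())
                .build();

        // The default hostname verifier stays active: the certificate must
        // also match the host name in the request URL.
        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(csf)
                .build();

        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

The same bean also works in development when the self-signed certificate of the test host is imported into the store, which removes the need for the trust-all strategy.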
