Link to home
Start Free TrialLog in
Avatar of onaled777
onaled777Flag for United States of America

asked on

Enabling SSL

I inherited code that has already had an interesting approach to enabling SSL.  It appears to allow connection to any ssl url, regardless of whether the certificates are there or not. My question is, will this work in just about any server environment, or does some configuration have to take place in advance? I am currently assessing the risks associated with this approach and in helping me with this question I hope to relay information accurately.

	public static void enableSSL() {
		
		TrustManager[] trustAllCerts = new TrustManager[] {
				new X509TrustManager() {
					@Override
					public X509Certificate[] getAcceptedIssuers() {
						return null;
					}

					@Override
					public void checkClientTrusted(final X509Certificate[] certs, final String authType) {
					}

					@Override
					public void checkServerTrusted(final X509Certificate[] certs, final String authType) {
					}

				}
		};

		try {
			SSLContext sc = SSLContext.getInstance("SSL");
			sc.init(null, trustAllCerts, new java.security.SecureRandom());
			HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
		} catch (Exception e) {
			logger.error(e.getMessage());
		}
		// Create all-trusting host name verifier
		HostnameVerifier allHostsValid = new HostnameVerifier() {
			@Override
			public boolean verify(final String hostname, final SSLSession session) {
				return true;
			}
		};
		// Install the all-trusting host verifier
		HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
    }

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of CEHJ
CEHJ
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial