In java SSL over https without certificate

Question

Is it possible to use ssl with httpconnection without using certificate in java? i wan to use a random number or a semetric key.

Thank Raihan

Answer 1

Look at the accepted answer on the following question:

How to ignore SSL certificate errors in Apache HttpClient 4.0

You just need to create a TrustManager that basically doesn't check anything and just trusts everything. Although I can see why this is useful whilst developing, this does kind of negate the purpose of SSL. The TrustManager is there to avoid Man In The Middle attacks where a third party poses as the server to intercept and manipulate data etc, therefore if you don't verify the servers certificate, anybody could provide an 'invalid' certificate!