A straight forward way to open self-signed HTTPS SSL URLs in java?

Question

I\'m building an application that needs to open self-signed HTTPS SSL URLs in java. I\'ve learned that you can bypass the SSL problems by adding a call to HttpsURLConnection.se

Answer 1

As much as I hate to say this, sometimes it's better to just go with the flow.

Java is attempting to make applications more secure through the use of proper SSL verification practices. In this case, it is succeeding: had you been able to tell the program "it's okay, accept the untrusted self-signed certificate", your program would have been vulnerable to a man-in-the-middle attack where Mallory puts his server (with its own self-signed certificate, just as valid as yours!) in between the host and the target it's attempting to communicate with. Then he proceeds to read all the traffic you thought was nice and safe, and you don't even notice.

So, your assertion that telling Java to "trust any self-signed certificate when connecting to this host" is secure is, regrettably, not correct.

You can get free, totally valid SSL certificates from StartSSL. They're good folks.