Menu

Testing with invalid Digital Certificates

Help
Perryn Fowler
2003-10-03
2003-12-18

  • Perryn Fowler

    Perryn Fowler - 2003-10-03

    I am trying to use HTTPUnit to automate some manual web testing. Currently the certificates provided by our test server for SSL connections are expired since we dont want to have to buy new ones just for a test domain. In manual testing this is ok because the browser allows you to elect to use the certificate anyway, but HTTPUnit throws an exception.

    Is there anyway to get HTTPUnit to use an expired certificate?

    ta
    Pez

     

    • Wolfgang Jung

      Wolfgang Jung - 2003-12-18

      I've found the following code on the net for this purpose:

      <code>
      import java.security.cert.CertificateException;
      import java.security.cert.X509Certificate;

      import javax.net.ssl.HttpsURLConnection;
      import javax.net.ssl.SSLContext;
      import javax.net.ssl.TrustManager;
      import javax.net.ssl.X509TrustManager;
      ....

          // Create a trust manager that does not validate certificate chains:
          TrustManager[] trustAllCerts =
            new TrustManager[] {
              new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0];
              }
              public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                return;
              }
              public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                return;
              }
            }
          };

          // Install the all-trusting trust manager:
          SSLContext sc = SSLContext.getInstance("SSL");
          sc.init(null, trustAllCerts, new java.security.SecureRandom());
          HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
      </code>

       

Log in to post a comment.

MongoDB Logo MongoDB