Trust all SSL certificates in Java Playframework 2.2


asvignesh:

I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function:

public static play.libs.F.Promise<Result> webcall() {
       String feedUrl = "https://10.0.1.1/client/api";
       final play.libs.F.Promise<Result> resultPromise = WS.url(feedUrl).get().map(
                    new Function<WS.Response, Result>() {
                        public Result apply(WS.Response response) {
                            return ok("Feed title:" + response.asJson().findPath("title").toString());
                        }
                    }
            );
            return resultPromise;
        }

It throws the following error in the log,

[error] play - Cannot invoke the action, eventually got an error: java.net.ConnectException: General SSLEngine problem to https://10.0.1.1/client/api
[error] application - 

! @6fpimpnp6 - Internal server error, for (GET) [/webcall] ->

play.api.Application$$anon$1: Execution exception[[ConnectException: General SSLEngine problem to https://10.0.1.1/client/api]]
    at play.api.Application$class.handleError(Application.scala:293) ~[play_2.10.jar:2.2.0]
    at play.api.DefaultApplication.handleError(Application.scala:399) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at scala.Option.map(Option.scala:145) [scala-library.jar:na]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2.applyOrElse(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
java.net.ConnectException: General SSLEngine problem to https://10.0.1.1/client/api
    at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103) ~[async-http-client.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[netty.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413) ~[netty.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[netty.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417) ~[netty.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) ~[netty.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) ~[na:1.7.0_40]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_40]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225) ~[netty.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683) ~[na:1.7.0_40]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) ~[na:1.7.0_40]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_40]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_40]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_40]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[na:1.7.0_40]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_40]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138) ~[na:1.7.0_40]
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_40]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[na:1.7.0_40]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[na:1.7.0_40]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_40]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_40]

If I call the service using HttpsURLConnection it works fine by adding

TrustManager[] trustAllcerts = new TrustManager[]{
    new X509TrustManager() {

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // TODO Auto-generated method stub

        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // TODO Auto-generated method stub

        }
    }};

javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllcerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostsValid = new HostnameVerifier() {

    @Override
    public boolean verify(String arg0, SSLSession arg1) {
        // TODO Auto-generated method stub
        return false;
    }
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

How to trust all self signed / untrusted ssl certificates in Play Framework ?

Rahul Bobhate:

Try adding the following code to the conf/application.conffile

ws.acceptAnyCertificate=true

This will work if you are using Promisethe class . But if you call the service through other HttpClient it won't work.

Update : As of Play Framework 2.5 you should use the following -

play.ws.ssl.loose.acceptAnyCertificate=true

You can do this in a development environment, but never do it in a production environment as it can become a security threat. In a production environment, the client's certificate should be installed in the keystore.

Related


Trust all SSL certificates in Java Playframework 2.2

asvignesh: I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.

Trust all SSL certificates in Java Playframework 2.2

Avines I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.libs

Trust all SSL certificates in Java Playframework 2.2

asvignesh: I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.

2 twisted SSL certificates

calombo I have the following code: from twisted.web.server import Site from twisted.web.static import Data from twisted.internet import reactor, ssl root = Data("", "text/plain") site = Site(root) reactor.listenSSL(config.ws_port, site,

2 twisted SSL certificates

calombo I have the following code: from twisted.web.server import Site from twisted.web.static import Data from twisted.internet import reactor, ssl root = Data("", "text/plain") site = Site(root) reactor.listenSSL(config.ws_port, site,

2 twisted SSL certificates

calombo I have the following code: from twisted.web.server import Site from twisted.web.static import Data from twisted.internet import reactor, ssl root = Data("", "text/plain") site = Site(root) reactor.listenSSL(config.ws_port, site,

JAX-WS, trust all ssl certificates doesn't work

Clemens Yes, I know, I shouldn't trust all SSL certificates. However, since there is a VPN tunnel, and depending on the transition phase, different servers (with different SSL certificates) need to be requested, I prefer the ignore-server-ssl-certificate(s) ap

JAX-WS, trust all ssl certificates doesn't work

Clemens Yes, I know, I shouldn't trust all SSL certificates. However, since there is a VPN tunnel, and depending on the transition phase, different servers (with different SSL certificates) need to be requested, I prefer the ignore-server-ssl-certificate(s) ap

Trust all certificates with okHttp

seato: seato: For testing, I'm trying to add a socket factory to my okHttp client that trusts everything when setting up the proxy. This has been done many times, but my implementation of the trusted socket factory seems to be missing something: class TrustEve

Trust all certificates with okHttp

seato: seato: For testing, I'm trying to add a socket factory to my okHttp client that trusts everything when setting up the proxy. This has been done many times, but my implementation of the trusted socket factory seems to be missing something: class TrustEve

Trust all certificates with okHttp

seato: seato: For testing, I'm trying to add a socket factory to my okHttp client that trusts everything when setting up the proxy. This has been done many times, but my implementation of the trusted socket factory seems to be missing something: class TrustEve

Java 7 - How SSL trusts all certificates

Uri Lukach I'm writing a Java proxy that uses SSL to communicate with other servers. With ServerSocketFactory and keystore and truststore populated by server certificate everything works perfectly. I was wondering, is there a way in Java 7 to disable authentic

Java 7 - How SSL trusts all certificates

Uri Lukach I'm writing a Java proxy that uses SSL to communicate with other servers. With ServerSocketFactory and keystore and truststore populated by server certificate everything works perfectly. I was wondering, is there a way in Java 7 to disable authentic

Do browsers trust wildcard SSL certificates?

Paul J I've set up a development server where I need to test a lot of LAMP sites. Their domain names are in the following format: https://webapp1.test.example.com https://anotherwebapp.test.example.com https://anotherclientssite.test.example.com I want to get

Apache: 2 SSL certificates, same DocumentRoot

Dusty Grist My website is configured apacheand now I'm trying to setup redirects correctly. My website uses wildcard SSL authentication and my ssl certificate covers *.mydomain.com. My certificate provider only covers one level of subdomains. My website URL is

Trust all certificates with HttpClient over HTTPS

Harrison Leigh: Recently posted a question about over HttpClientHttps ( found here ). I've made some progress, but I'm running into a new problem. As with my last question, I can't seem to find an example that works for me. Basically, I want my client to accep

CXF RESTful client - how to trust all certificates?

sdoca: I wrote a Jersey RESTful client that uses the Dumb X509TrustManager and HostnameVerifier to trust all SSL certificates on our lab system to make it easier to handle self-signed certificates. ClientConfig config = new DefaultClientConfig();

Trust all certificates with HttpClient over HTTPS

Harrison Leigh: Recently posted a question about over HttpClientHttps ( found here ). I've made some progress, but I'm running into a new problem. As with my last question, I can't seem to find an example that works for me. Basically, I want my client to accep

CXF RESTful client - how to trust all certificates?

sdoca: I wrote a Jersey RESTful client that uses the Dumb X509TrustManager and HostnameVerifier to trust all SSL certificates on our lab system to make it easier to handle self-signed certificates. ClientConfig config = new DefaultClientConfig();

Trust all certificates with HttpClient over HTTPS

Harrison Leigh: Recently posted a question about over HttpClientHttps ( found here ). I've made some progress, but I'm running into a new problem. As with my last question, I can't seem to find an example that works for me. Basically, I want my client to accep

Java - Standard SSL certificate all trust codes fail

Mints 97 I think that almost every Java programmer who has experience with SSL certificate trust errors by now has used or at least encountered the following code: // Create a trust manager that does not validate certificate chains TrustManager[] trust

Java and SSL certificates

Andy: I'm trying to use Secure Sockets Layer (HTTPS) to connect to a PHP script in Java, but I've found that for maximum security/validity I have to import the SSL certificate used by the website into my application. ..I do not know what to do. If it helps, my