Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2026 Agenda Now Available: Explore Sessions
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2019-01-02 09:36 AM

Turn off SSL certificate verification

Hello,

 

Is there anyway to disable SSL certificate validation in Talend (v6.4.1)?

 

In a eclipse Java Project, if I add the next code, it works properly:

 

import javax.net.ssl.TrustManager;

import okhttp3.Headers;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

import java.security.cert.CertificateException;
import java.util.Set;

public class Main 
{
public static void main(String[] args) throws Exception 
 {
OkHttpClient cliente = getUnsafeOkHttpClient();
 
 Request request = new Request.Builder()
 .url("URL value")
 .get()
 .addHeader("language", "en")
 .addHeader("accept", "application/json")
 .build();
 
Response response = cliente.newCall(request).execute();

}
private static OkHttpClient getUnsafeOkHttpClient() {
		  try {
		    // Create a trust manager that does not validate certificate chains
		    final TrustManager[] trustAllCerts = new TrustManager[] {
		        new X509TrustManager() {
		          @Override
		          public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
		          }

		          @Override
		          public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
		          }

		          @Override
		          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
		            return new java.security.cert.X509Certificate[]{};
		          }
		        }
		    };

		    // Install the all-trusting trust manager
		    final SSLContext sslContext = SSLContext.getInstance("SSL");
		    sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
		    // Create an ssl socket factory with our all-trusting manager
		    final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

		    OkHttpClient.Builder builder = new OkHttpClient.Builder();
		    builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);
		    builder.hostnameVerifier(new HostnameVerifier() {
		      @Override
		      public boolean verify(String hostname, SSLSession session) {
		        return true;
		      }
		    });

		    OkHttpClient okHttpClient = builder.build();
		    return okHttpClient;
		  } catch (Exception e) {
		    throw new RuntimeException(e);
		  }
		}
}

 

I've tried to put it in a tJava object, but it throws me the error:

 

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Thanks in advance.

 

 

Labels (4)
Labels
2,798 Views
0 Likes
15 Replies
Anonymous
Not applicable
‎2019-01-08 07:21 AM
Author

Hello,

 

Yes, but without installing any SSL certificate. In Soap UI, the calls to the methods work without installing anything.

 

Thanks in advance.

1,307 Views
0 Likes
Anonymous
Not applicable
‎2019-01-10 09:45 AM
Author

Hello,

 

I have downloaded the certificate from Firefox and I've created the keystore with the keytool command. After that, I've configured the tKeyStore component before the tRESTClient, but now I receive the error:

 

HTTPS hostname wrong:  should be <XXXXX>.

 

I've tried using the IP address and the hostname.

 

Any idea?

 

Thanks in advance.

1,307 Views
0 Likes
rizalad
Contributor
Contributor
‎2019-04-16 01:15 AM

Hello,

 

I have same issue. Any idea for this? 

1,307 Views
0 Likes
Anonymous
Not applicable
‎2019-04-17 03:51 AM
Author

Hello @rizalad 

Could you please give us some background about your job? Did you setup a keystore  and access it with tKeyStore component before you connect to your API with tRestClient?

Best regards

Sabrina

1,307 Views
0 Likes
rizalad
Contributor
Contributor
‎2019-04-17 10:53 PM

Hi @xdshi ,

 

It quite same with @fexposito 

 

I only want to call an https service from the tRESTClient component avoiding the SSL certificate verification (I attach 1_job_on_talend.png & 2_error_job_on_talend.png). 

 

Using Postman I can avoid the SSL certificate verification (I attach 3_postman_test.png & 4_postman_result.png).

 


1_job_on_talend.png
2_error_job_on_talend.png
3_postman_test.png
4_postman_result.png
1,307 Views
0 Likes
Anonymous
Not applicable
‎2019-04-23 04:28 AM
Author

At the end we had to ask for a new (and correct) certificate on the server. It was not possible to avoid the certificate validation.

Our problem with the certificate was that the CN and the domain were different, and it is needed to be the same.

1,307 Views
0 Likes