Hi @wl105500396
You could technically turn off the certificate validation yes (though I would rather recommend properly handling certificates and adding your own to the keystore from the security perspective :)).
But that said, below snippet should give you an SSLContext thet won't do any of the certificate chain verification I think.
SSLContext context = SSLContextBuilder.create().build();
context.init(
null, new TrustManager[] {new X509ExtendedTrustManager() {
@Override
public void checkClientTrusted (X509Certificate[] chain, String authType, Socket socket) {
}
@Override
public void checkServerTrusted (X509Certificate [] chain, String authType, Socket socket) {
}
@Override
public void checkClientTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
}
@Override
public void checkServerTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
}
@Override
public X509Certificate [] getAcceptedIssuers () {
return null;
}
@Override
public void checkClientTrusted (X509Certificate [] certs, String authType) {
}
@Override
public void checkServerTrusted (X509Certificate [] certs, String authType) {
}
}},
new SecureRandom());