While useful, this is not a recommended practice for obvious security reasons.

There may be cases where it makes sense to ignore certificate checking. For example, if a customer is running a server with a self-signed certificate.

Create a Custom Trust Manager

A custom trust manager uses void functions to essentially accept all certificates, regardless of how they were signed.

Here’s the Java code for the trust manager:

package com.project;
 
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
 
public class CustomTrustManager implements X509TrustManager {
 
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Accept all client certificates
    }
 
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Accept all server certificates
    }
 
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

Attach a Bean

Reference the above code in a bean as part of your Apache Camel flow.

<bean id="sslContextParameters" class="org.apache.camel.util.jsse.SSLContextParameters">
  <property name="trustManagers">
      <bean class="org.apache.camel.util.jsse.TrustManagersParameters">
          <property name="trustManager">
              <bean class="com.project.CustomTrustManager"/>
          </property>
      </bean>
  </property>
</bean>

Disable Hostname Checking

You will likely want to disable hostname checking as well, which can be done as part of the HTTP call itself.

First, add a bean for noopHostnameVerifier.

<bean id="noopHostnameVerifier" class="org.apache.http.conn.ssl.NoopHostnameVerifier"/>

Then add the option to your HTTP call.

x509HostnameVerifier=#noopHostnameVerifier

HTTP Call

Here is an example of making an HTTP call using the above options.

<to uri="http:${{url}}?sslContextParameters=#sslContextParameters&amp;x509HostnameVerifier=#noopHostnameVerifier"/>