While useful, this is not a recommended practice for obvious security reasons.
There may be cases where it makes sense to ignore certificate checking. For example, if a customer is running a server with a self-signed certificate.
A custom trust manager uses void functions to essentially accept all certificates, regardless of how they were signed.
Here’s the Java code for the trust manager:
package com.project;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class CustomTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
// Accept all client certificates
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
// Accept all server certificates
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
Reference the above code in a bean as part of your Apache Camel flow.
<bean id="sslContextParameters" class="org.apache.camel.util.jsse.SSLContextParameters">
<property name="trustManagers">
<bean class="org.apache.camel.util.jsse.TrustManagersParameters">
<property name="trustManager">
<bean class="com.project.CustomTrustManager"/>
</property>
</bean>
</property>
</bean>
You will likely want to disable hostname checking as well, which can be done as part of the HTTP call itself.
First, add a bean for noopHostnameVerifier.
<bean id="noopHostnameVerifier" class="org.apache.http.conn.ssl.NoopHostnameVerifier"/>
Then add the option to your HTTP call.
x509HostnameVerifier=#noopHostnameVerifier
Here is an example of making an HTTP call using the above options.
<to uri="http:${{url}}?sslContextParameters=#sslContextParameters&x509HostnameVerifier=#noopHostnameVerifier"/>