Google Http Client For Java: Ignore Java.security.cert.certpathvalidatorexception: Trust Anchor For Certification Path Not Found

I'm using Google's HTTP Client for Java in my Android app. My server is temporarily using a self-signed certificate while we do QA testing. We'll have a properly signed cert when w

Solution 1:

I spent some time crawling through the javadocs for Google's HttpTransport and found my answer indirectly.

Google provides two implementations of HttpTransport: NetHttpTransport and ApacheHttpTransport. The former uses Java's basic HttpURLConnection to do all of the communication and is the preferred choice. The latter uses an Apache httpclient under the covers and the Google HttpTransport docs say to use the Apache one if you need advanced configuration parameters that aren't available in the basic NetHttpTransport.

Instead of initializing my transport constant like this:

staticfinalHttpTransportHTTP_TRANSPORT=newNetHttpTransport();

I'm using the ApacheHttpTransport Builder which gives an option to skip the certificate validation.

... new ApacheHttpTransport.Builder().doNotValidateCertificate().build();

NOTE: For anyone coming to this answer later, this is A BAD IDEA. I'm only doing this in a controlled QA environment and for a short period of time while we get our properly signed SSL certificate in place. Once our signed cert is in place, then I'll be going back to the original code above and requiring a properly signed certificate for all of my app's api communication.

DO NOT DO THIS IN PRODUCTION CODE. :)