Turn off SSL certificate verification

Four Stars

Turn off SSL certificate verification

Hello,

 

Is there anyway to disable SSL certificate validation in Talend (v6.4.1)?

 

In a eclipse Java Project, if I add the next code, it works properly:

 

import javax.net.ssl.TrustManager;

import okhttp3.Headers;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

import java.security.cert.CertificateException;
import java.util.Set;

public class Main
{
public static void main(String[] args) throws Exception
{
OkHttpClient cliente = getUnsafeOkHttpClient();

Request request = new Request.Builder()
.url("URL value")
.get()
.addHeader("language", "en")
.addHeader("accept", "application/json")
.build();

Response response = cliente.newCall(request).execute();

}
private static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient.Builder builder = new OkHttpClient.Builder(); builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); OkHttpClient okHttpClient = builder.build(); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } }
}

 

I've tried to put it in a tJava object, but it throws me the error:

 

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Thanks in advance.

 

 

Employee

Re: Turn off SSL certificate verification

Hi,

 

    Could you please advise whether you have loaded all the dependent libraries to Talend job before running the code using tjava?

 

    I believe you have not added all the dependent libraries and that is the reason for the error.

 

Warm Regards,
Nikhil Thampi

Please appreciate our Talend community members by giving Kudos for sharing their time for your query. If your query is answered, please mark the topic as resolved :-)

Four Stars

Re: Turn off SSL certificate verification

Hello,

 

I attach the process...:

 

tLibraryLoad_1: I attach okhttp-3.11.0.jar

tLibraryLoad_2: I attach okio-1.15.0.jar

tJava_1: 

 

 

try {
	// Create a trust manager that does not validate certificate chains
	final TrustManager[] trustAllCerts = new TrustManager[] 
	{
        new X509TrustManager() 
        {
			@Override
		    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String 			authType) throws CertificateException 
		    {
			}

		    @Override
		    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String 			authType) throws CertificateException 
		    {
		    }

	        @Override
	        public java.security.cert.X509Certificate[] getAcceptedIssuers() 
	        {
		    	return new java.security.cert.X509Certificate[]{};
		    }
		 }
	};

	// Install the all-trusting trust manager
	final SSLContext sslContext = SSLContext.getInstance("SSL");
	sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
	// Create an ssl socket factory with our all-trusting manager
	final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

    OkHttpClient.Builder builder = new OkHttpClient.Builder();
    builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);
    builder.hostnameVerifier(new HostnameVerifier() 
    {
	    @Override
    	public boolean verify(String hostname, SSLSession session) 
	    {
			return true;
		}
	});

	OkHttpClient cliente = builder.build();

	Request request = new Request.Builder()
			.url("https://xxxxxxxx/security/auth/login?instance=yyyyyy")
			.get()
			.addHeader("client-id", "7ffd60e48b5")
			.addHeader("client-secret", "I5xJ1sJ2yY8cB4yP4bB0kU1vC4")
			.addHeader("authorization", "Basic ZnJhbmNpc2NvLmV4cG9zaXdvcmxkLmNvbTpNYXJjb3MyMDE0IXA=")
			.addHeader("language", "en")
			.addHeader("accept", "application/json")
			.build();
		
	Response response = cliente.newCall(request).execute();
	
	Headers headers = response.headers();
		Set<String> headersSet = headers.names();
		
		for (String headerAux : headersSet)
		{
			System.out.println(headerAux + " = " + headers.get(headerAux));
		}
		
		System.out.println(response);

} 
catch (Exception e) 
{
	throw new RuntimeException(e);
}

 

tRESTClient_1:

Url: "https://xxxxxxxx/"

Relative Path: "portfolio/people/"

HTTP Method: GET

Use Authentication: BASIC with user and pwd filled.

Advanced headers: 

client-id="7ffd60e48b5"
client-secret = "I5xJ1sJ2yY8cB4yP4bB0kU1vC4"
authorization = "Basic ZnJhbmNpc2NvLmV4cG9zaXdvcmxkLmNvbTpNYXJjb3MyMDE0IXA="
language = "en"
accept ="application/json"

 

If I execute the calls to the rest method in the tJava process, they work properly. But I get an error if the call is in the tRESTClient_1 component 

 

Thanks in advance.

 

Employee

Re: Turn off SSL certificate verification

Hi,

 

   I would suggest you to convert the current code to a user routine and then make calls to that routine from your Talend job.

 

   The steps remain same since you have the code ready. The only difference is that you need to add all the libraries to routine (Talend Help site has article for this step) and then add the routine to your Talend job using Preferences -> Talend -> Performance -> "Add all user routines to job dependencies, when creating a new job".

 

  Once this is done, the entire functionality is available to your job as a function (for example, system routines like creating a sequence) and you can call in other parts of your Talend job.

 

Warm Regards,
Nikhil Thampi

Please appreciate our Talend community members by giving Kudos for sharing their time for your query. If your query is answered, please mark the topic as resolved :-)

 

Four Stars

Re: Turn off SSL certificate verification

Hello,

 

I can call the routine from all tJava components (and probably others) and it works properly, but what about the tRESTClient or tREST components? I still have the same problem with them(I imagine it is because the connection is not done with the Java code)

 

Regards,

Francisco

Employee

Re: Turn off SSL certificate verification

Hi,

 

   If you could share the screenshots of what you are trying to achieve, it would be really helpful to understand your use case in better way.

 

Warm Regards,
Nikhil Thampi

Please appreciate our Talend community members by giving Kudos for sharing their time for your query. If your query is answered, please mark the topic as resolved :-)

Highlighted
Four Stars

Re: Turn off SSL certificate verification

Hi,

 

I only want to call an https service from the tRESTClient component avoiding the SSL certificate verification (I attach 3 images). 

 

Using Postman I can avoid the SSL certificate verification. In the tJava component of Talend too. I need the same with the tRESTClient component.

 

Regards,

Francisco

Four Stars

Re: Turn off SSL certificate verification

Also it works properly using SoapUI. Any idea to make it work in Talend?

Employee

Re: Turn off SSL certificate verification

Hi,

 

    I do not have much idea in this area and currently I am travelling.

 

    So lets ask others.

 

@xdshi - Could you please advise on this?

 

Warm Regards,
Nikhil Thampi

Please appreciate our Talend community members by giving Kudos for sharing their time for your query. If your query is answered, please mark the topic as resolved :-)

Moderator

Re: Turn off SSL certificate verification

Hello,

Are you trying to call an SSL enabled API by using tRestClient component?

Best regards

Sabrina

 

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Four Stars

Re: Turn off SSL certificate verification

Hello,

 

Yes, but without installing any SSL certificate. In Soap UI, the calls to the methods work without installing anything.

 

Thanks in advance.

Four Stars

Re: Turn off SSL certificate verification

Hello,

 

I have downloaded the certificate from Firefox and I've created the keystore with the keytool command. After that, I've configured the tKeyStore component before the tRESTClient, but now I receive the error:

 

HTTPS hostname wrong:  should be <XXXXX>.

 

I've tried using the IP address and the hostname.

 

Any idea?

 

Thanks in advance.

Four Stars

Re: Turn off SSL certificate verification

Hello,

 

I have same issue. Any idea for this? 

Moderator

Re: Turn off SSL certificate verification

Hello @rizalad 

Could you please give us some background about your job? Did you setup a keystore  and access it with tKeyStore component before you connect to your API with tRestClient?

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Four Stars

Re: Turn off SSL certificate verification

Hi @xdshi ,

 

It quite same with @fexposito 

 

I only want to call an https service from the tRESTClient component avoiding the SSL certificate verification (I attach 1_job_on_talend.png & 2_error_job_on_talend.png). 

 

Using Postman I can avoid the SSL certificate verification (I attach 3_postman_test.png & 4_postman_result.png).

 

Four Stars

Re: Turn off SSL certificate verification

At the end we had to ask for a new (and correct) certificate on the server. It was not possible to avoid the certificate validation.

Our problem with the certificate was that the CN and the domain were different, and it is needed to be the same.

2019 GARNER MAGIC QUADRANT FOR DATA INTEGRATION TOOL

Talend named a Leader.

Get your copy

OPEN STUDIO FOR DATA INTEGRATION

Kickstart your first data integration and ETL projects.

Download now

What’s New for Talend Summer ’19

Watch the recorded webinar!

Watch Now

Best Practices for Using Context Variables with Talend – Part 4

Pick up some tips and tricks with Context Variables

Blog

How Media Organizations Achieved Success with Data Integration

Learn how media organizations have achieved success with Data Integration

Read

Definitive Guide to Data Integration

Practical steps to developing your data integration strategy.

Download