Ignoring self-signed certs in Groovy script

Question

I am trying to connect to a REST API running on a server with a self-signed cert. When I run the following code, I get this error:&nbsp;

Quote

SunCertPathBuilderException: unable to find valid certification path to requested target

&nbsp;

package DataSources.Groovy
import org.apache.http.HttpEntity
import org.apache.http.NameValuePair
import org.apache.http.client.entity.UrlEncodedFormEntity
import org.apache.http.client.methods.CloseableHttpResponse
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.methods.HttpPost
import org.apache.http.impl.client.BasicCookieStore
import org.apache.http.impl.client.CloseableHttpClient
import org.apache.http.impl.client.HttpClients
import org.apache.http.impl.client.InternalHttpClient
import org.apache.http.message.BasicNameValuePair
import org.apache.http.util.EntityUtils
import java.util.concurrent.ConcurrentHashMap.ForEachEntryTask
import java.util.regex.Matcher
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.SAXParser
import org.apache.commons.codec.binary.Hex;
import groovy.json.*;
import groovy.util.XmlSlurper;
import groovy.xml.XmlUtil;
String eol = System.getProperty("line.separator");

CloseableHttpClient httpclient = HttpClients.createDefault();

def loginurl = "https://&lt;url&gt;:8445/finesse/api/Users";

httpGet = new HttpGet(loginurl);
httpGet.setHeader("Authorization", "Basic &lt;token&gt;");
response = httpclient.execute(httpGet);

&nbsp;

I did a little googling and tried the first answer from this StackOverflow post, but that was a no-go. Does the collector support any workaround?

Answer

The collector wouldn't have any way of working around this. It would have to be built into your script. Unfortunately, you've surpassed by Groovy fluency already.

This is why I use python (set verify=false and you're done).&nbsp;

mhashemi · Answer

Yeah, I normally work in PowerShell (and can work around it with that), but Groovy is less resource intensive. Hopefully someone else knows how make Groovy ignore the cert.

michael_baker · Answer

def nullTrustManager = [
    checkClientTrusted: { chain, authType -&gt;  },
    checkServerTrusted: { chain, authType -&gt;  },
    getAcceptedIssuers: { null }
]

def nullHostnameVerifier = [
    verify: { hostname, session -&gt;
        hostname.startsWith('ignore.this')
    }
]

javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL")
    sc.init(null, [nullTrustManager as  javax.net.ssl.X509TrustManager] as  javax.net.ssl.X509TrustManager[], null)
    javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(nullHostnameVerifier as javax.net.ssl.HostnameVerifier)

def doRequest(urlPath, token) {
            def conn = "https://....".toURL().openConnection()
            return conn
    }

This will do it... my Groovy foo is not strong &nbsp;but I have this working using the above

Forum Discussion

Ignoring self-signed certs in Groovy script

3 Replies

Recent Discussions

Location / credentials / any custom property updater DataSource (framework)

Windows server CPU data collection issue-Error code 0x00000261

API searchId documentation?

Deep Dive troubleshooting question

Historical SDT en reporting