Disabling SSL checks with Apache HttpClient 4.3.x

In some contexts, it might be very useful to disable the SSL checks when connecting to an HTTPS endpoint using Java. In my case, I was creating a temporary test server using Docker, where the proxy in front of my application was an Nginx with a self-signed certificate.

Of course, when connecting with Java, this call is rejected because:

  • the certificate chain is invalid
  • the host name cannot be trusted

But the truth is: in this very context, I do not care.

Disclaimer: of course such checks MUST be enabled against a production-like environment or external system.

Using Apache HttpClient 4.x, disabling SSL checks is actually quite easy:

SSLConnectionSocketFactory sslSocketFactory;
if (disableSsl) {
    SSLContext ctx;
    try {
        // Trust manager that accepts every certificate chain (test environments only)
        X509TrustManager x509TrustManager = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null array
                return new X509Certificate[0];
            }
        };
        ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[]{x509TrustManager}, new SecureRandom());
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        throw new OTHttpClientSSLSetupException(e);
    }
    // Also skip host name verification
    sslSocketFactory = new SSLConnectionSocketFactory(
            ctx,
            SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
    );
} else {
    sslSocketFactory = SSLConnectionSocketFactory.getSocketFactory();
}
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", sslSocketFactory)
        .build();

HttpClient client = HttpClientBuilder.create()
            .setConnectionManager(new PoolingHttpClientConnectionManager(registry))
            .build();

That's it. I fall back to the defaults when I do not want to disable the SSL checks.
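For comparison, a narrower setup for the same test scenario: trust only the test server's own self-signed certificate and keep host name verification on. This is an added example, not code from the original post; the class name `TestServerTrust`, the method `trustOnly` and the certificate path passed on the command line are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

// Hypothetical helper class, not part of HttpClient or of the original post
public class TestServerTrust {

    /** Builds a socket factory that trusts only the certificate stored at certPath (PEM or DER). */
    public static SSLConnectionSocketFactory trustOnly(Path certPath) throws Exception {
        Certificate cert;
        try (InputStream in = Files.newInputStream(certPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory trust store holding just the test server's certificate
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("test-server", cert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Null key managers and SecureRandom fall back to the JDK defaults
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // The single-argument constructor keeps HttpClient's default host name verifier
        return new SSLConnectionSocketFactory(ctx);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: assumed path to the certificate exported from the Nginx test container
        SSLConnectionSocketFactory factory = trustOnly(Paths.get(args[0]));
        System.out.println("Socket factory ready: " + factory);
    }
}
```

The returned factory can be passed to `.register("https", ...)` in place of the permissive one. Host name verification still fails unless the self-signed certificate was issued for the name the client connects to.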