
I'm using PHPStorm 7 to create a RESTful API. I wanted to use the built-in REST Client but need to be able to tell it to allow untrusted SSL certificates. I am using a self-signed certificate on my test server.

At the moment when I send my request I get this response.

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Is there an option I can change to ignore this?

Hackmodford
  • You can add your certificate to the list of Java's **known** certificates, something like http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate?rq=1 . Other than that -- http://youtrack.jetbrains.com/issue/WEB-7089 – LazyOne Nov 06 '13 at 15:32

1 Answer


I would recommend creating your own Certificate Authority (CA) and generating certificates for your server(s) signed by it. You then have to add the CA public certificate to your local machine (probably into the Java store, and into Internet Explorer settings (if you're using Windows that is)).

Creating Your Own SSL Certificate Authority (and Dumping Self Signed Certs)

Custom SSL Certificate Authority?

StampyCode
  • I'll look into this thanks! This might actually solve another problem I'm having. – Hackmodford Mar 06 '15 at 17:28
  • No worries, it's a common technique used by corporations to ensure secure connections between servers on internal networks - they wouldn't have any need for external CA verification, so they just create an internal one, and add their own CA certs into all browsers on their internal machines via policy. – StampyCode Mar 07 '15 at 19:23
  • Would this strategy work if I set up individual servers for our clients and I have one app that connects to their specific server? Do I create a CA and generate certificates for their servers and somehow tell the app to trust those certificates that I generated? – Hackmodford Mar 08 '15 at 19:45
  • If you require this for communications with external parties, I'd recommend buying an SSL certificate from one of the major official CAs, otherwise you're adding unnecessary complexity and risk to your and your clients' systems. It's not that expensive to buy a certificate, which would solve your problem. A custom CA should be used for development or internal security only - remember if anyone else gets hold of your CA private key, they can then undetectably impersonate ANY secure website to any system that has trusted your CA public cert. – StampyCode Mar 09 '15 at 08:58
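
The private-CA approach recommended in the answer, sketched with OpenSSL and keytool as an added example (not code posted by anyone in this thread). The file names, the CA name "Test Internal CA", the alias `test-internal-ca` and the host name passed in are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for a test host.
# All file names, the CA name and the alias below are assumptions.

# Create a private CA, then a certificate for host $2 signed by it, in dir $1.
make_ca_and_server_cert() (
    dir=$1; host=$2
    umask 077                      # ca.key and server.key readable by owner only
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # 1. CA key pair and self-signed CA certificate.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 365 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || exit 1
    # 2. Server key pair and certificate signing request.
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=$host" -newkey rsa:2048 \
        -nodes -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || exit 1
    # 3. Sign the request with the CA; clients match the host name against the SAN.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
        "$host" > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 90 -extfile "$dir/server.ext" \
        -out "$dir/server.crt" 2>/dev/null || exit 1
)

# Succeeds only if server.crt chains to ca.crt and is valid for host $2.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" \
        >/dev/null 2>&1
}

# Import only the CA certificate (never ca.key) into a Java trust store.
# $2 is the cacerts file of the JRE the client runs on; "changeit" is the
# default store password.
trust_in_java() {
    keytool -importcert -trustcacerts -noprompt -alias test-internal-ca \
        -file "$1/ca.crt" -keystore "$2" -storepass changeit
}
```

Only `ca.crt` is distributed to clients; `ca.key` stays on the machine that issues certificates, since anyone holding it can mint certificates that every trusting client accepts.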