Resolving javax.net.ssl.SSLHandshakeException in a local environment with the Java Client and Ktor...
-
I've been running FusionAuth in NestJS using the TypeScript client without much issue for a while. Recently we decided to try using it in a new project with Ktor, so we tried the Java client and ran into an issue which we were able to resolve quite easily in NodeJS but is giving me somewhat of a headache now.
I'm running my local FusionAuth instance behind a dockerized instance of nginx to mimic our production environment as much as I can (very small projects, so this is all fine). This involves some self-signed certificates. Just setting
rejectUnauthorized: false
in development mode on the HTTPS agent did the trick in NestJS for making the client swallow the SSL verification complaints, but things don't seem to be as easy with Ktor/Java. Implementing a "trust-all" TrustManager doesn't seem to do the trick, and neither does providing Ktor with a custom JKS. I'm still getting a
PKIX path building failed: unable to find valid certification path to requested target
error. I'm just wondering if anyone has managed to find a way to make the FusionAuth Java client ignore SSL verification, or if using the REST API with a configured HTTP client is the only way to go.
-
Hmmm. Haven't seen this before.
https://www.jvt.me/posts/2020/08/16/globally-disable-tls-java-httpsurlconnection/ looks interesting.
The Java client uses https://github.com/inversoft/restify/ under the covers, so maybe there's some setting in that library? The docs are sparse (some might say not there at all) but the code is reviewable.
Let us know what you find.