Hi Dave, Java is very restrictive of HTTPS (sometimes overly so: e.g. Java will not follow a redirect from http to https even though that's a good thing). Unfortunately, there's no built in way to make Java ignore the cert validation. We'd probably have to subclass and add some bypassing code to HttpURLConnection to make it ignore the validation or to redirect from http to https.
- Robert On Wed, May 13, 2015 at 3:50 PM, Dave Rugh <[email protected]> wrote: > Is there a config option to disable certificate validation for callbacks > over HTTPS? > > oozie.wf.action.notification.url > oozie.wf.workflow.notification.url > > Our use case is that we'd like to use a single port for all requests into a > server; and depending on a flag, all traffic is either encrypted or > unencrypted. > > With my dev configuration, using a self-signed cert, I'm having an issue if > the self-signed cert has an IP as a CN rather than a domain so I'd like to > be able to just ignore cert validation - just for callback; same as the > wget -no-check-certificate or curl -k options. > > This saves us having to create a separate non-ssl port for callbacks or > having to do the required config changes on the Oozie server to accept > self-signed certs. > > Is this possible via Oozie config settings or would it require a code > change? > > Thanks, > > Dave >
