How to Disable SSL Certificate Verification in Retrofit Library?

java android ssl kotlin retrofit2

Question

How can I disable SSL certificate verification in the Retrofit library for Android applications?

// Example of creating a custom OkHttpClient with SSL verification disabled
OkHttpClient.Builder builder = new OkHttpClient.Builder();
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new SecureRandom());
builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager)trustAllCerts[0]);
Retrofit retrofit = new Retrofit.Builder()
        .baseUrl(BASE_URL)
        .client(builder.build())
        .build();

Answer

Disabling SSL certificate verification is often required during development stages, especially for apps connecting to servers with self-signed certificates. However, keep in mind that bypassing SSL checks can expose your application to man-in-the-middle attacks, so it should only be used with caution and never in production environments.

// Custom implementation for Retrofit disallowing SSL certificate verification
OkHttpClient.Builder builder = new OkHttpClient.Builder();
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new SecureRandom());
builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager)trustAllCerts[0]);
Retrofit retrofit = new Retrofit.Builder()
        .baseUrl(BASE_URL)
        .client(builder.build())
        .build();

Causes

  • Using a self-signed SSL certificate for development purposes.
  • Connecting to an API endpoint with an invalid or expired certificate.
  • Testing in localhost environments that do not support proper SSL certification.

Solutions

  • Utilize a dedicated development server with a valid SSL certificate during development.
  • Incorporate SSL pinning in production to enhance security even when disabling checks in development.
  • Restrict disabling SSL checks to build variants intended for test or debug purposes only.

Common Mistakes

Mistake: Using this configuration in production without proper security checks

Solution: Always ensure that SSL verification is enabled in production and consider using SSL pinning.

Mistake: Neglecting to handle IOException that may arise

Solution: Properly configure error handling for network requests to manage exceptions and provide user-friendly feedback.

Helpers

  • Retrofit SSL certificate check
  • Disable SSL verification Retrofit
  • Android Retrofit HTTPS
  • Trust all SSL certificates Retrofit

Related Questions

⦿How to Use a 'for' Loop in a Velocity Template

Learn how to effectively use for loops in Velocity templates with complete examples and explanations.

java templates velocity
⦿How to Disable Spring Boot Auto-Configuration for Spring Web?

Learn how to disable Spring Boot autoconfiguration for springweb to enhance application control and performance.

java spring spring-boot spring-web
⦿How to Remove the Last Item from an ArrayList in Java?

Learn how to effectively remove the last item from an ArrayList in Java with clear explanations and code snippets.

java arraylist
⦿How to Retrieve HTTP Status Code Using OkHttp

Learn how to obtain HTTP status codes with OkHttp in Android. Stepbystep guide with examples and troubleshooting tips.

java http-status-codes okhttp
⦿How to Resolve 'Jar Mismatch! Fix Your Dependencies for the FacebookSDK' Error

Learn how to fix Jar mismatch errors in the FacebookSDK by resolving dependencies and ensuring compatibility.

java android facebook jar
⦿How to List All Country Codes for Phone Numbers?

Learn how to effectively list all country codes for phone numbers with structured approaches and examples.

java libphonenumber
⦿How to Install Java 8 on macOS Mojave Using Homebrew

Learn how to easily install Java 8 on macOS Mojave with Homebrew including troubleshooting tips and common mistakes.

java macos homebrew
⦿How to Calculate the Number of Days, Weeks, and Months Since Epoch in Java?

Learn how to calculate days weeks and months since the Unix Epoch in Java with practical examples and tips.

java time calendar epoch
⦿How to Resolve 'The Archive Referenced by the Classpath Does Not Exist' Error in Eclipse

Learn how to fix the Eclipse error stating The archive referenced by the classpath does not exist with effective solutions and troubleshooting tips.

java eclipse maven pom.xml
⦿How to Troubleshoot the Java `RuntimeException: Only One Looper May Be Created Per Thread`?

Learn how to fix the Java RuntimeException related to Looper instances in threads. Get solutions code snippets and debugging tips.

java android multithreading
JAVA

Understanding Java Syntax: A Beginner's Guide

Understanding Data Types in Java

Java Tutorial: Using Relational Operators

AI

Getting Started with Artificial Intelligence in Java

Ultimate Guide to Setting Up a Java Project for AI

Understanding Machine Learning Basics

ABOUT

Company Info

Terms of Service

Privacy Policy

© Copyright 2025 - CodingTechRoom.com