Untrusted Server Certificate in Intellij
Asked Answered
S

8

42

I don't understand why Android Studio behaving weird, sending this Untrusted Server Certificate request again and again. Please suggest how to avoid this?

Pop up for accept or reject

Schexnayder answered 6/2, 2020 at 10:8 Comment(0)
D
95

[EDIT]: This is not the best solution in terms of security and has security risks, and I do not advocate this.

I was facing this and came across a solution on JetBrain's community page.

To get rid of that, we need to make Idea Accept non-trusted certificates automatically.

Preferences -> Tools -> Server Certificates -> Check on "Accept non-trusted certificates automatically"

Preference page

Deforest answered 6/5, 2021 at 7:17 Comment(5)
Don't see a "Preferences" button.Judson
@PhilipRego Are you on a mac? It should be on the top navbar, under IntelliJ Idea or Android Studio, whichever you're using.Deforest
In case of Windows, File -> Settings -> Tools -> Server Certificates -> Check on "Accept non-trusted certificates automatically"Graeae
Not sure why this answer, posted a year after the question and advocating terrible security practices, has so many upvotes. This leaves you wide open to man-in-the-middle attacks, don't do it!Borkowski
This is not good practice or good advice as you are exposing yourself to MITM attack. Unless you are in an air-gapped / isolated trusted environment and your network cannot access the public internet. In which case your security risk is possibly limited to internal only. Although, if you have access to a network via another internal party, your risk extends to their network also, which may include indirect access to the public internet and potential MITM attack. I would be very wary of enabling "Accept non-trusted certificates automatically" in a non-isolated trusted environment.Gilead
R
11

You see this dialog b/c the proxy server in your network substitutes signed remote certificate certificate with it's own (non-trusted) certificate, hence it can not pass the JDK validation and IDE warns about it.

To fix this import this certificate to the JDK's which IDE uses to run trust store:

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias Root -import -file certFile.cer

See Import the Certificate as a Trusted Certificate for more information.

Rebroadcast answered 6/2, 2020 at 12:7 Comment(1)
I tried this, but it does not seem to work, as McAfee Endpoint Security seems to generate new certificate every day. I tried to switch Intellij runtime jvm to another corporate installed jvm, that seems to take deal fine with McAfee certs, still no luck. It seems there the cert store in user home ~/AppData/Roaming/JetBrains/IdeaIC2021.3/ssl/cacerts is "fixed" somewhere?Pistole
H
1

Disabling SSL certificate verification on the Git application level can be a workaround, but it comes with security risks. SSL certificate verification is crucial for ensuring the authenticity and integrity of the data being transferred between your computer and the Git server. Disabling it means you're potentially exposing yourself to man-in-the-middle attacks.

However, there are situations where this might be necessary, such as when dealing with self-signed certificates or in certain testing environments. To disable SSL certificate verification globally in Git, you can use the following command:

git config --global http.sslverify "false"

This command sets the global Git configuration option http.sslVerify to false, effectively turning off SSL certificate verification for all your Git operations.

Please be aware of the security implications and only use this option when you're certain it's safe to do so. If possible, try to address the underlying issue with SSL certificates rather than bypassing the verification altogether. If you're dealing with a self-signed certificate, consider adding the certificate to your trusted certificates or configuring Git to recognize it.

Heading answered 5/1 at 9:8 Comment(0)
S
0

Happens when connected to a proxy server on your network and your network has an internal certificate authority. The remote certificate is replaced with another untrusted certificate that fails Java validation.

You can either import this cert to your local JDK installation or enable Auto accepting non-trusted certs.

To Enable Auto import,

Mac: Go to IntelliJ IDEA > Preferences > Tools > Server Certificates [x] Check on Accept non-trusted certificates automatically

Mac enable auto accepting non-trusted certs

Windows and Linux: Go to: File > Settings > Tools > Server Certificates > [x] Check on Accept non-trusted certificates automatically

Windows enable auto accepting non-trusted certs

Saltus answered 7/7, 2022 at 12:36 Comment(1)
This is not good practice or good advice as you are exposing yourself to MITM attack. Unless you are in an air-gapped / isolated trusted environment and your network cannot access the public internet. In which case your security risk is possibly limited to internal only. Although, if you have access to a network via another internal party, your risk extends to their network also, which may include indirect access to the public internet and potential MITM attack. I would be very wary of enabling "Accept non-trusted certificates automatically" in a non-isolated trusted environment.Gilead
C
0

Faced the same issue but in my issue i was not able to do anything on intellj. I did this task in a speedily manner after click on accept button of the popup. File->Settings>tools>ServerCertificate->Accept Certificate.

Consumption answered 1/11, 2023 at 11:33 Comment(0)
M
0

This can happen if your system date/time is wrong

I saw this dialogue box after my system clock reset. If your system datetime is not in sync with real time, the certificate's validity may not match your system time and the certificate would be rejected.

You can update or resync your system time in this case.

Mender answered 10/2 at 11:39 Comment(0)
C
-3

I am using 2022.1 intellij version and the following steps solved my issue in a sec

File -> Setting -> Tools -> Server Certificates -> Check mark on "Accept non-trusted certificates automatically" thats it!!

Colicweed answered 18/11, 2022 at 2:59 Comment(1)
This is not good practice or good advice as you are exposing yourself to MITM attack. Unless you are in an air-gapped / isolated trusted environment and your network cannot access the public internet. In which case your security risk is possibly limited to internal only. Although, if you have access to a network via another internal party, your risk extends to their network also, which may include indirect access to the public internet and potential MITM attack. I would be very wary of enabling "Accept non-trusted certificates automatically" in a non-isolated trusted environment.Gilead
M
-4

To get rid of the pop up message go to below location and click on Accept non-trusted certificates automatically.

Below are for Windows, Linux and macOS

File | Settings | Tools | Server Certificates for Windows and Linux

IntelliJ IDEA | Preferences | Tools | Server Certificates for macOS

enter image description here

Maris answered 13/7, 2022 at 4:12 Comment(1)
This is not good practice or good advice as you are exposing yourself to MITM attack. Unless you are in an air-gapped / isolated trusted environment and your network cannot access the public internet. In which case your security risk is possibly limited to internal only. Although, if you have access to a network via another internal party, your risk extends to their network also, which may include indirect access to the public internet and potential MITM attack. I would be very wary of enabling "Accept non-trusted certificates automatically" in a non-isolated trusted environment.Gilead

© 2022 - 2024 — McMap. All rights reserved.