Simplified Security Setup for Development Environment

You can bypass certificate checking while developing software in a non-production environment. To do this, create a custom implementation of the javax.net.ssl.TrustManager interface that returns true rather than actually verifying certificates during the SSL handshake. You can see examples of such a class in the Java code samples included with the vSphere Web Services SDK.

The Java samples included with the SDK use this technique by accepting an optional command-line argument, --ignorecert. If you plan to use the --ignorecert option or use this automatic server-certificate verification technique in your own code, you do not need to import certificates. See Set Up for Java Development for the Web Services SDK for more information.

Use the --ignorecert option only for development and testing purposes. Do not use it outside a firewall. If the server-certificate is not verified during the SSL handshake, the client application is subject to man-in-the-middle attacks.