Disable SSL certificate validation for testing

This task outlines the process for disabling certificate validation. Do not use these settings in a production environment.

About this task

CAUTION: Disabling certificate validation should only be used for testing. Using these settings in a production environment will leave users vulnerable to man in the middle attacks.


  1. Open the service configuration file application.conf in a text editor.
    Note: Use a plain text editor to avoid inserting invalid formatting or symbols into application.conf. Do not use a rich text editor such as Microsoft Word for editing configuration files.
  2. Set the value for the key ephox.http.websphere.use-ssl-config to false and ephox.http.trust-all-cert to true.
    Figure 1. Example application.conf certificate validation disabled.
    ephox {
      # ... other settings not shown
      http {
        websphere.use-ssl-config = false
        trust-all-cert = true