Plugins You can find out about all the publicly available Grails plugins.


  • Tags: ssl, https, testing
  • Latest: 1.3
  • Last Updated: 21 September 2014
  • Grails version: 1.3.6 > *
  • Authors: Shawn Hartsock, Michael Rice
0 vote
compile "org.grails.plugins:weak-ssl:1.3"



This plugin deliberately breaks SSL for you by acceptingany SSL certificate.


$ grails install-plugin weak-ssl


Makes Java/Groovy work with self-signed certificates or other malformed SSL certificates. It is useful for working in development environments or test environments where you have a generated SSL certificate. Notice one of the modules detects the Grails test mode and reads the Grails generated SSL cert and provides an SSL exception for it.

By default this plugin deactivates itself in production environments and only adds exceptions for SSL certificates served by localhost. You may choose to override this behavior.

use case

If you are running an application in test that uses SSL and you attempt to connect to your own host over SSL in your code, you will get an error. That's because grails is using a self generated SSL certificate.

For example:

def text = new URL("https://localhost:8443/${myapp}").text
produces this error unable to find valid certification path to requested target

To fix this problem in development and test environments install this plugin.

$ grails install-plugin weak-ssl

now run in https mode

$ grails run-app -https

trust certain hosts

Configure a list of trusted host names. These are hosts that we will trust the certificates from even if they are self-signed.


weakssl.trustedhosts = ['myhost','myotherhost','localhost','someotherhost']

trust all

Force trusted mode SSL to work in all contexts. The trustAll setting breaks the SSL certificate provider causing Java to trust all certificates presented to it. I strongly caution against using this mode in production.


trustAll = true

If the trustAll mode is used in production, the grails app will print a warning statement that the trusting provider is enabled in a production environment then proceed as if it were in a test or development environment.