CXF Trust Certificates

CXF Trust Certificates

Published: Saturday, 17 September 2016

CXF config to add a trusted certificate

This is useful in cases where a server has been setup with a certificate that cannot be validated (e.g. it is a self-signed certificate).

This has been tested using CXF 3.1.7

The below config assumes you have a self-signed HTTPS test server that CXF will connect to as a client. The address of the server is

The name attribute contains a pattern which applies the config to any URLs used by CXF that match it.

<!-- automatically registered using name regexp -->
<http:conduit name="*">
<http:tlsClientParameters disableCNCheck="true">
    <sec:keyStore type="JKS" password="password"

The trust keystore file can be generated by reading the certificate from the test server.

openssl s_client -showcerts -connect

Copy out the lines with BEGIN CERTIFICATE and END CERTIFICATE inclusive and place them in Then create the keystore file.

keytool.exe -import -trustcacerts -file -keystore

Use the password ‘password’, and answer ‘yes’ when asked whether to Trust this certificate.


CXF Client HTTP Transport (including SSL support).