CXF Trust Certificates
CXF config to add a trusted certificate
This is useful in cases where a server has been set up with a certificate that cannot be validated (e.g. it is a self-signed certificate).
This has been tested using CXF 3.1.7.
The config below assumes you have a self-signed HTTPS test server that CXF will connect to as a client. The address of the server is https://192.168.33.33.
The name attribute contains a pattern which applies the config to any URLs used by CXF that match it. Setting disableCNCheck="true" turns off hostname verification for those connections, so keep the pattern limited to the test server.

    <!-- automatically registered using name regexp -->
    <http:conduit name="https://192.168.33.33/.*">
      <http:tlsClientParameters disableCNCheck="true">
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="password" resource="/192.168.33.33.trust.jks"/>
        </sec:trustManagers>
      </http:tlsClientParameters>
    </http:conduit>

The trust keystore file can be generated by reading the certificate from the test server.

    openssl s_client -showcerts -connect 192.168.33.33:443

Copy out the lines from BEGIN CERTIFICATE to END CERTIFICATE inclusive and place them in 192.168.33.33.cert. Then create the keystore file.
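
    keytool.exe -import -trustcacerts -file 192.168.33.33.cert -keystore 192.168.33.33.trust.jks

Use the password ‘password’, and answer ‘yes’ when asked whether to trust this certificate. The keystore file name and password must match the resource and password attributes in the config above.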
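
The steps above as a script, as an added example that is not part of the original page. It assumes a POSIX shell with openssl and keytool on PATH; the function names first_pem_cert and build_truststore and the sample output are constructed for illustration, and the keystore is written as 192.168.33.33.trust.jks, the name the conduit config loads.

```shell
#!/bin/sh
# Added example: build the trust keystore that the CXF conduit config loads.
# Assumes openssl and keytool are on PATH; helper names are hypothetical.

# Print only the first PEM certificate found on stdin. With -showcerts,
# s_client prints the whole chain; the first block is the server's own cert.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
       inside                        { print }
       /-----END CERTIFICATE-----/   { if (inside) exit }'
}

# Fetch the certificate, show its fingerprint, then import it.
# Usage: build_truststore 192.168.33.33 [port]
build_truststore() {
  host=$1
  port=${2:-443}
  cert="$host.cert"
  store="$host.trust.jks"   # same file name as the resource attribute

  openssl s_client -showcerts -connect "$host:$port" </dev/null 2>/dev/null |
    first_pem_cert > "$cert"
  [ -s "$cert" ] || { echo "no certificate from $host:$port" >&2; return 1; }

  # Compare this SHA-256 fingerprint with one read on the server itself:
  # the connection that delivered the certificate was not authenticated.
  openssl x509 -in "$cert" -noout -subject -fingerprint -sha256 || return 1

  # keytool displays the certificate and asks for confirmation before import.
  keytool -importcert -trustcacerts -alias "$host" -file "$cert" \
    -keystore "$store" -storetype JKS -storepass password
}

# Constructed sample of s_client output (placeholder bodies, not real certs).
SAMPLE_OUTPUT='Certificate chain
 0 s:CN = 192.168.33.33
-----BEGIN CERTIFICATE-----
AAAAconstructedleaf
-----END CERTIFICATE-----
 1 s:CN = constructed-issuer
-----BEGIN CERTIFICATE-----
BBBBconstructedissuer
-----END CERTIFICATE-----'
```

Checking the printed fingerprint against the server's own copy of the certificate is what makes the import safe, since the keystore will trust whatever certificate the first connection returned.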