I had posted a message on this list about making AXIS client call to webservice running HTTPS.
Everybody seems to be importing the certificates into a keystore and passing them as a system prop. Problem I have is that I dont want to import any certificates for the obvious reasons that they will expire someday. rather I overwrite X509TrustManager and set it on the HttpsURLConnection as follows :
X509TrustManager xtm = new MyTrustManager();
TrustManager mytm[] = {xtm};
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null,mytm, null );
SSLSocketFactory sf = ctx.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sf);
This works great if I try to connect to Https URL and gives me the correct content. but when I use Locator/Stub my X509TrustMamager is not called. How do I tell underlying AXIS to use my trustmanager?
I see that AXIS has org.apache.axis.components.net.SunFakeTrustSocketFactory.FakeX509TrustManager() SunFakeTrustSocketFactory nad but using this in the above doesn't work due to incompatibility of types.
Now the question is do I have to write my TrustManagerFactory and SecurityProvider and plug it in or is there any simple way to let AXIS know of my Trustmanager I want to use.
appreciate any help. thanx, Pravir
