I have an update:

I also tried setting up a "conduit" as described on the CXF website
(http://cwiki.apache.org/CXF20DOC/client-http-transport-including-ssl-support.html)
and I got the same results:

<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"
  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
  xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <http:conduit name="{https://cxf}HelloImplPort.http-conduit">
    <http:tlsClientParameters disableCNCheck="true"
                              secureSocketProtocol="SSL">
      <sec:trustManagers>
          <sec:keyStore type="JKS" password="changeit"
               file="v:/tmp/clienttrust.jks"/>
      </sec:trustManagers>
      <sec:keyManagers keyPassword="changeit">
           <sec:keyStore type="JKS" password="changeit" 
                file="v:/tmp/clientkey.jks"/>
      </sec:keyManagers>
      <sec:cipherSuitesFilter>
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
   </http:conduit>
</beans> 


This is a copy of the WibbleClient.xml file from the wsdl_first_https with
the obvious needed changes to the namespace and port. Note that the
wsdl_first_https sample in the CXF distribution package works fine. But in
that project, the webservice is not running inside an app server, but as a
standalone app. And for those cases, CXF provides the option to configure
the server key/truststore within the cxf configuration. This is not possible
AFAIK for JAXWS endpoints which run as a servlet in an app server.

In my webservice, this is the cxf.xml (you can see there is no mention of
key or trust stores):

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://cxf.apache.org/jaxws
       http://cxf.apache.org/schemas/jaxws.xsd">
    
    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
    <jaxws:endpoint id="hello"
                    implementor="cxf.HelloImpl"
                    address="/hello"/>
</beans>

Any ideas on how to get client-cert authentication working for a web service
running in an app server?
Thanks.
-- 
View this message in context: 
http://www.nabble.com/-JSSESupport--SSL-Error-getting-client-Certs-tp19863789p19885396.html
Sent from the cxf-user mailing list archive at Nabble.com.
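
Added example, not part of the original message and not CXF code: a small audit of the tlsClientParameters settings in the conduit quoted above, flagging the disabled hostname check, the SSL protocol name and the weak cipher classes its filter lets through. It assumes a suite is enabled when it matches some include pattern and no exclude pattern; the probe suite names and the helper names `hit` and `audit` are choices made for this example.

```python
import re
import xml.etree.ElementTree as ET

HTTP = "{http://cxf.apache.org/transports/http/configuration}"
SEC = "{http://cxf.apache.org/configuration/security}"

# Constructed sample: the TLS settings of the conduit quoted in the message.
SAMPLE = """<http:conduit name="{https://cxf}HelloImplPort.http-conduit"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration">
  <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="SSL">
    <sec:cipherSuitesFilter>
      <sec:include>.*_EXPORT_.*</sec:include>
      <sec:include>.*_EXPORT1024_.*</sec:include>
      <sec:include>.*_WITH_DES_.*</sec:include>
      <sec:include>.*_WITH_NULL_.*</sec:include>
      <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
</http:conduit>"""

# Real JSSE suite names used as probes, one per weak class.
PROBES = {
    "export-grade": "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "single-DES": "SSL_RSA_WITH_DES_CBC_SHA",
    "NULL-encryption": "SSL_RSA_WITH_NULL_SHA",
    "anonymous-DH": "TLS_DH_anon_WITH_AES_128_CBC_SHA",
}

def hit(patterns, suite):
    return any(re.fullmatch(p, suite) for p in patterns)

def audit(xml_text):
    """Return (conduit name, finding) pairs for weak tlsClientParameters."""
    findings = []
    for conduit in ET.fromstring(xml_text).iter(HTTP + "conduit"):
        name = conduit.get("name", "?")
        for tls in conduit.iter(HTTP + "tlsClientParameters"):
            if tls.get("disableCNCheck", "false").lower() == "true":
                findings.append((name, "disableCNCheck turns off hostname verification"))
            if tls.get("secureSocketProtocol", "").upper().startswith("SSL"):
                findings.append((name, "secureSocketProtocol names SSL rather than TLS"))
            inc = [(e.text or "").strip() for e in tls.iter(SEC + "include")]
            exc = [(e.text or "").strip() for e in tls.iter(SEC + "exclude")]
            for label, suite in PROBES.items():
                # Assumption: enabled = matches an include and no exclude.
                if hit(inc, suite) and not hit(exc, suite):
                    findings.append((name, f"cipher filter admits {label} suite {suite}"))
    return findings
```

Calling `audit(SAMPLE)` reports five findings for this conduit; the anonymous-DH probe is not among them because no include pattern matches it.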
