I get ws-security's signature validation via CXF working on my service in local Websphere when using org.apache.ws.security.crypto.merlin.file property pointing to a file based JKS that contains my companies CA root and issuer certs.
But when I deploy to our Prod environment I would like to have CXF use the Websphere truststore that contains these, but I can't seem to get that to work by default when I remove my JKS file. I have tried several approaches. Even tried adding the certs to CellDefaultTrustStore > Signer certificates in Websphere but that did not seem to work either. What is the correct approach? Is there a setting to make in Websphere? I am using the latest CXF 2.7.11 and Websphere 8.5 I know that we have the DisableIBMJAXWSEngine=true in Websphere since CXFServlet is handling this so not sure how a Websphere based ws-security setting would control this though. I am really hoping there is a default way to get this working as I would think that having to set the org.apache.ws.security.crypto.merlin.file property to have a hard coded path to truststore file on WAS server is not ideal. -- View this message in context: http://cxf.547215.n5.nabble.com/Point-CXF-to-Websphere-truststore-for-certs-tp5749478.html Sent from the cxf-user mailing list archive at Nabble.com.
