You are using "keyManagers" instead of "trustManagers" in the
configuration. "keyManagers" is used when you need to specify a key for
client authentication. "trustManagers" is used to verify trust in the
server's cert. As you have no "trustManagers" configuration here, I guess
it is falling back on the default JVM settings (javax.net.ssl.trustStore).

Colm.

On Thu, Feb 26, 2015 at 11:32 AM, Jose María Zaragoza <[email protected]>
wrote:

> Hello:
>
> Maybe this question is a bit off topic, but I am trying to understand why my
> client works.
>
> I use CXF 2.7.8 to call a remote webservice by HTTPS (SSL/TLS).
> These are my settings:
>
> <http-conf:conduit name="https://.*">
>   <http-conf:tlsClientParameters>
>     <sec:keyManagers keyPassword="xxxxxxxx">
>       <sec:keyStore type="JKS" password="xxxxxxxx" resource="truststore.jks"/>
>     </sec:keyManagers>
>
> I've imported the SSL server certificate into truststore.jks,
> and it works fine.
>
> But this certificate is signed by a CA chain (from .godaddy.com),
> and (I think) I haven't imported any certificate from godaddy.
> Why does my client trust the server certificate?
> Isn't some Certification Path Validation process performed?
>
> Thanks and regards
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
