2015-02-26 17:14 GMT+01:00 Colm O hEigeartaigh <[email protected]>:
> You are using "keyManagers" instead of "trustManagers" in the
> configuration. "keyManagers" is used when you need to specify a key for
> client authentication. "trustManagers" is used to verify trust in the
> server's cert. As you have no "trustManagers" configuration here, I guess
> it is falling back on the default JVM settings (javax.net.ssl.trustStore)

Sorry, it was a typo. I'm using trustManagers.

<sec:trustManagers>
    <sec:keyStore type="JKS" password="*******" resource="truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>

Do you know if JSSE (I guess it's the underlying TLS implementation)
uses the default JVM truststore for checking certificates?

Thanks

>
> Colm.
>
> On Thu, Feb 26, 2015 at 11:32 AM, Jose María Zaragoza <[email protected]>
> wrote:
>
>> Hello:
>>
>> Maybe this question is a bit off topic, but I'm trying to understand why my
>> client works.
>>
>> I use CXF 2.7.8 to call a remote webservice over HTTPS (SSL/TLS).
>> These are my settings:
>>
>> <http-conf:conduit name="https://.*">
>>   <http-conf:tlsClientParameters>
>>     <sec:keyManagers keyPassword="xxxxxxxx">
>>       <sec:keyStore type="JKS" password="xxxxxxxx" resource="truststore.jks"/>
>>     </sec:keyManagers>
>>
>> I've imported the SSL server certificate into truststore.jks
>> and it works fine.
>>
>> But this certificate is signed by a CA chain (from .godaddy.com),
>> and (I think) I haven't imported any certificate from godaddy.
>> Why does my client trust the server certificate?
>> Is some Certification Path Validation process not performed?
>>
>> Thanks and regards
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
