It does, but only if no truststore has been configured in CXF. Do you have
a test-case that reproduces this problem?

Colm.

On Thu, Feb 26, 2015 at 4:39 PM, Jose María Zaragoza <[email protected]>
wrote:

> 2015-02-26 17:14 GMT+01:00 Colm O hEigeartaigh <[email protected]>:
> > You are using "keyManagers" instead of "trustManagers" in the
> > configuration. "keyManagers" is used when you need to specify a key for
> > client authentication. "trustManagers" is used to verify trust in the
> > server's cert. As you have no "trustManagers" configuration here, I guess
> > it is falling back on the default JVM settings (javax.net.ssl.trustStore)
>
> Sorry, it was a typo. I'm using trustManagers
>
> <sec:trustManagers>
>               <sec:keyStore type="JKS" password="*******"
> resource="truststore.jks"/>
>           </sec:trustManagers>
> <sec:cipherSuitesFilter>
>
> Do you know if JSSE (I guess it's the underlying TLS implementation)
> uses the default JVM truststore for checking certificates?
>
> Thanks
>
> >
> > Colm.
> >
> > On Thu, Feb 26, 2015 at 11:32 AM, Jose María Zaragoza <
> [email protected]>
> > wrote:
> >
> >> Hello:
> >>
> >> Maybe this question is a bit off topic, but I am trying to understand why my
> >> client works.
> >>
> >> I use CXF 2.7.8 to call a remote webservice by HTTPS (SSL/TLS).
> >> These are my settings:
> >>
> >> <http-conf:conduit name="https://.*">
> >>   <http-conf:tlsClientParameters>
> >>   <sec:keyManagers keyPassword="xxxxxxxx">
> >>         <sec:keyStore type="JKS" password="xxxxxxxx"
> >> resource="truststore.jks"/>
> >>    </sec:keyManagers>
> >>
> >> I've imported SSL server certificate into truststore.jks
> >> And it works fine.
> >>
> >> But this certificate is signed by a CA chain (from .godaddy.com),
> >> and (I think) I haven't imported any certificate from godaddy.
> >> Why does my client trust the server certificate?
> >> Isn't some Certification Path Validation process performed?
> >>
> >> Thanks and regards
> >>
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
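
Added example, not part of the original thread and not CXF code: a small JSSE diagnostic that lists the trust anchors a trust manager accepts when it is built from an explicit truststore versus when no store is supplied and JSSE falls back to the JVM default, which is the distinction discussed above. The class name `TrustAnchorCheck` and the file-path and password arguments are assumptions for illustration (the thread loads `truststore.jks` as a classpath resource).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class, not part of CXF.
public class TrustAnchorCheck {

    // Build the X509TrustManager JSSE would use for the given store.
    // Passing null makes JSSE fall back to the JVM default truststore
    // (javax.net.ssl.trustStore if set, otherwise the JRE's cacerts).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Print how many certificates the trust manager accepts as anchors,
    // and the subject of each one.
    static void printAnchors(String label, X509TrustManager tm) {
        X509Certificate[] anchors = tm.getAcceptedIssuers();
        System.out.println(label + ": " + anchors.length + " trust anchor(s)");
        for (X509Certificate c : anchors) {
            System.out.println("  " + c.getSubjectX500Principal().getName());
        }
    }

    // Usage: java TrustAnchorCheck <path-to-truststore.jks> <password>
    public static void main(String[] args) throws Exception {
        KeyStore explicit = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            explicit.load(in, args[1].toCharArray());
        }
        // Only the entries of the supplied store are anchors here.
        printAnchors("explicit truststore", trustManagerFor(explicit));
        // No store supplied: the JVM default CA bundle is used instead.
        printAnchors("JVM default", trustManagerFor(null));
    }
}
```

If the first list contains only the imported server certificate while the second contains the public CA roots, the client is trusting exactly what the configured store holds and nothing from the JVM default.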
