2015-02-26 17:47 GMT+01:00 Colm O hEigeartaigh <[email protected]>:
>
> It does, but only if no truststore has been configured in CXF. Do you have a
> test-case that reproduces this problem?


Thanks, not really.
Indeed, it's not a problem because my client works fine, but I cannot
understand why. I only imported the server certificate, not the others
in the chain.

As I don't know how the underlying certificate validation is performed,
I don't know if this behaviour is caused by default settings in CXF
or another reason.

Regards


>
> Colm.
>
> On Thu, Feb 26, 2015 at 4:39 PM, Jose María Zaragoza <[email protected]>
> wrote:
>>
>> 2015-02-26 17:14 GMT+01:00 Colm O hEigeartaigh <[email protected]>:
>> > You are using "keyManagers" instead of "trustManagers" in the
>> > configuration. "keyManagers" is used when you need to specify a key for
>> > client authentication. "trustManagers" is used to verify trust in the
>> > server's cert. As you have no "trustManagers" configuration here, I
>> > guess
>> > it is falling back on the default JVM settings
>> > (javax.net.ssl.trustStore)
>>
>> Sorry, it was a typo. I'm using trustManagers
>>
>> <sec:trustManagers>
>>   <sec:keyStore type="JKS" password="*******" resource="truststore.jks"/>
>> </sec:trustManagers>
>> <sec:cipherSuitesFilter>
>>
>> Do you know if JSSE (I guess it's the underlying TLS implementation)
>> uses the default JVM truststore for checking certificates?
>>
>> Thanks
>>
>> >
>> > Colm.
>> >
>> > On Thu, Feb 26, 2015 at 11:32 AM, Jose María Zaragoza
>> > <[email protected]>
>> > wrote:
>> >
>> >> Hello:
>> >>
>> >> Maybe this question is a bit off topic, but I am trying to understand
>> >> why my client works.
>> >>
>> >> I use CXF 2.7.8 to call a remote webservice by HTTPS (SSL/TLS).
>> >> These are my settings:
>> >>
>> >> <http-conf:conduit name="https://.*">
>> >>   <http-conf:tlsClientParameters>
>> >>     <sec:keyManagers keyPassword="xxxxxxxx">
>> >>       <sec:keyStore type="JKS" password="xxxxxxxx" resource="truststore.jks"/>
>> >>     </sec:keyManagers>
>> >>
>> >> I've imported the SSL server certificate into truststore.jks
>> >> and it works fine.
>> >>
>> >> But this certificate is signed by a CA chain (from .godaddy.com),
>> >> and (I think) I haven't imported any certificate from godaddy.
>> >> Why does my client trust the server certificate?
>> >> Isn't some Certification Path Validation process performed?
>> >>
>> >> Thanks and regards
>> >>
>> >
>> >
>> >
>> > --
>> > Colm O hEigeartaigh
>> >
>> > Talend Community Coder
>> > http://coders.talend.com
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
