I'm trying to use CXF ClientBuilder to make a call to a REST service on an SSL connection using 2-way auth.
I was having some trouble populating the keystore of the ClientBuilder because my key file was in the PKCS#1 format. After I converted the file to PKCS#8 format, I was able to build the client, but now I'm getting a "unable to find valid certification path to requested target" error when I try to make a connection. I didn't have any particular problem populating the truststore of the ClientBuilder, but that error message may indicate there's something wrong with it. I'm able to make a "curl" call to the same URL using the given key and cert files, and that gets through the SSL handshake fine. The details for my issue are at http://stackoverflow.com/questions/43268952/cxf-rest-client-call-with-2-way-auth-failing-with-unable-to-find-valid-certific . Note that the last "Update" in the posting talks about how I turned on "-Djavax.net.debug=all", and it shows some suspicious debug output associated with that. It seems like it thinks the truststore "is" the cacerts file in my JDK, even though I created the truststore in memory from a single certificate, like this: ------------------- KeyStore trustStore = KeyStore.getInstance("jks"); trustStore.load(null, "changeit".toCharArray()); Certificate cert = buildCertFromFile("<path to cert file>"); trustStore.setCertificateEntry("cert", cert); ... ClientBuilder builder = ClientBuilder.newBuilder(); builder.trustStore(trustStore); ... client = builder.build(); ------------------- Any idea what might be going wrong here?
