I move it to after the: HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
But the error is similar: DEBUG 2018-01-30 23:43:12,182 [Thread-2] org.apache.cxf.common.logging.LogUtils - Using org.apache.cxf.common.logging.Log4jLogger for logging. DEBUG 2018-01-30 23:43:12,954 [Thread-2] org.apache.cxf.resource.DefaultResourceManager - resolving resource <org.apache.cxf.wsdl11.WSDLManagerImpl/bus> type <interface org.apache.cxf.Bus> DEBUG 2018-01-30 23:43:12,959 [Thread-2] org.apache.cxf.resource.DefaultResourceManager - resolving resource <null> type <interface org.apache.cxf.Bus> DEBUG 2018-01-30 23:43:13,719 [Thread-2] org.apache.cxf.transport.http.HTTPConduit - Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit' has been (re)configured for plain http. DEBUG 2018-01-30 23:43:13,721 [Thread-2] org.apache.cxf.transport.http.HTTPConduit - No Trust Decider configured for Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit' DEBUG 2018-01-30 23:43:13,722 [Thread-2] org.apache.cxf.transport.http.HTTPConduit - No Auth Supplier configured for Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit' DEBUG 2018-01-30 23:43:13,723 [Thread-2] org.apache.cxf.transport.http.HTTPConduit - Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit' has been configured for plain http. DEBUG 2018-01-30 23:43:13,725 [Thread-2] org.apache.cxf.transport.http.HTTPConduit - registering incoming observer: org.apache.cxf.transport.TransportURIResolver$1@5dfd9a23 DEBUG 2018-01-30 23:43:13,752 [Thread-2] org.apache.cxf.transport.https.SSLUtils - The location of the key store has not been set via a system parameter or through configuration so the default value of C:\Users\Owner/.keystore will be used. DEBUG 2018-01-30 23:43:13,753 [Thread-2] org.apache.cxf.transport.https.SSLUtils - The key store password has not been set via a system property or through configuration, reading data from the keystore will fail. DEBUG 2018-01-30 23:43:13,753 [Thread-2] org.apache.cxf.transport.https.SSLUtils - The key password has not been set via a system property or through configuration, reading data from the keystore will fail. TRACE 2018-01-30 23:43:13,754 [Thread-2] org.apache.cxf.transport.https.SSLUtils - No default keystore C:\Users\Owner/.keystore DEBUG 2018-01-30 23:43:13,781 [Thread-2] org.apache.cxf.transport.https.HttpsURLConnectionFactory - The cipher suites have been set to [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]. DEBUG 2018-01-30 23:43:14,001 [Thread-2] org.apache.cxf.transport.http.Headers - Accept: */* DEBUG 2018-01-30 23:43:14,003 [Thread-2] org.apache.cxf.transport.http.HTTPConduit - No Trust Decider for Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit'. An affirmative Trust Decision is assumed. TRACE 2018-01-30 23:43:17,564 [Thread-2] org.apache.cxf.transport.TransportURIResolver - Conduit initiator could not resolve null https://sales.test.com.au/RSIService.svc?singleWsdl javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://sales.test.com.au/RSIService.svc?singleWsdl: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html