Posted to users@cxf.apache.org by sumit_chauhan <su...@uhc.com> on 2014/01/09 14:21:40 UTC

Mutual SSL client with custom SSL Socket Factory

I am using CXF-2.4.6. I wish to communicate with a Mutual SSL enabled web
service. I wanted to programmatically set the client certificate alias, which
gets passed on to server. I tried writing a custom SSLSocketFactory with
custom key manager (which provides the alias) and registered it as follows:

     
bindingProvider.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
socketFactory);

However, the *chooseClientAlias* method of the custom key manager never gets called
and no certificate gets passed to server, which results in handshake
failure.
Please help out with this issue.



--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-SSL-client-with-custom-SSL-Socket-Factory-tp5738412.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Mutual SSL client with custom SSL Socket Factory

Posted by Daniel Kulp <dk...@apache.org>.
On Jan 9, 2014, at 8:21 AM, sumit_chauhan <su...@uhc.com> wrote:

> I am using CXF-2.4.6. I wish to communicate with a Mutual SSL enabled web
> service. I wanted to programmatically set the client certificate alias, which
> gets passed on to server. I tried writing a custom SSLSocketFactory with
> custom key manager (which provides the alias) and registered it as follows:
> 
> 
> bindingProvider.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
> socketFactory);

That property would only be for the in-JDK JAX-WS implementation. It is specific to that and wouldn’t work with CXF or Metro or anything else.

> However, the *chooseClientAlias* method of the custom key manager never gets called
> and no certificate gets passed to server, which results in handshake
> failure.
> Please help out with this issue.


Check the page on configuring TLS:
http://cxf.apache.org/docs/tls-configuration.html

There is a setting for the actual SSLSocketFactory to use, but usually that is not needed as there are settings for almost everything else you may need.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com