Posted to users@cxf.apache.org by sumit_chauhan <su...@uhc.com> on 2014/01/09 14:21:40 UTC
Mutual SSL client with custom SSL Socket Factory
I am using CXF-2.4.6. I wish to communicate with a Mutual SSL enabled web
service. I wanted to programmatically set the client certificate alias, which
gets passed on to server. I tried writing a custom SSLSocketFactory with
custom key manager (which provides the alias) and registered it as follows:
bindingProvider.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
socketFactory);
However, *chooseClientAlias* method of custom key manager never gets called
and no certificate gets passed to server, which results in handshake
failure.
Please help out with this issue.
--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-SSL-client-with-custom-SSL-Socket-Factory-tp5738412.html
Re: Mutual SSL client with custom SSL Socket Factory
Posted by Daniel Kulp <dk...@apache.org>.
On Jan 9, 2014, at 8:21 AM, sumit_chauhan <su...@uhc.com> wrote:
> I am using CXF-2.4.6. I wish to communicate with a Mutual SSL enabled web
> service. I wanted to programmatically set the client certificate alias, which
> gets passed on to server. I tried writing a custom SSLSocketFactory with
> custom key manager (which provides the alias) and registered it as follows:
>
>
> bindingProvider.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
> socketFactory);
That property would only be for the in-jdk jaxws implementation. It is specific to that and wouldn’t work with CXF or Metro or anything else.
> However, *chooseClientAlias* method of custom key manager never gets called
> and no certificate gets passed to server, which results in handshake
> failure.
> Please help out with this issue.
Check the page on configuring TLS:
http://cxf.apache.org/docs/tls-configuration.html
There is a setting for the actual SSLSocketFactory to use, but usually that is not needed as there are settings for almost everything else you may need.
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
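
Added example, not part of either message and not code from the CXF project: one way to pin the client certificate alias on a CXF client by handing key managers to the HTTP conduit through TLSClientParameters, instead of the JDK-internal request-context property. The class name FixedAliasTls, the method useClientCert and its parameters are hypothetical; it assumes CXF is on the classpath and that `port` is a proxy created by CXF.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

public final class FixedAliasTls { // hypothetical helper class
    // Delegates to the keystore's key manager but always answers with one alias.
    static final class FixedAliasKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final String alias;
        FixedAliasKeyManager(X509KeyManager delegate, String alias) {
            if (delegate.getPrivateKey(alias) == null) { // fail before the handshake does
                throw new IllegalArgumentException("no private key for alias: " + alias);
            }
            this.delegate = delegate;
            this.alias = alias;
        }
        public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return alias; }
        public String chooseServerAlias(String t, Principal[] i, Socket s) {
            return delegate.chooseServerAlias(t, i, s);
        }
        public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
        public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
        public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    }

    // Wraps the keystore's key managers and installs them on the client's conduit.
    static void useClientCert(Object port, KeyStore ks, char[] keyPassword, String alias)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) {
                kms[i] = new FixedAliasKeyManager((X509KeyManager) kms[i], alias);
            }
        }
        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kms); // trust managers are not set here; supply them if the server CA is private
        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
        conduit.setTlsClientParameters(tls);
    }
}
```

The wrapper ignores the key types and issuers the server advertises, so a certificate the server does not accept still ends in a handshake failure; `-Djavax.net.debug=ssl,handshake` shows which certificate was actually sent.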