Use SSLSocketFactory.getDefault() or SSLContext.getSocketFactory()

[Robert Nicholson <ro...@elastica.com>]

Hi,

I've got an issue at the moment and I want to clarify which approach 
should be used to establish an outgoing socket connection from Weblogic 
using either Axis or Apache Soap.

Currently  some code based on apache soap is using SSLUtils.java to get 
the SSLSocketFactory and it does so via SSLSocketFactory.getDefault()

In Weblogic this seems to be problematic because it seems to me that in 
Weblogic unless you use SSLContext.getSocketFactory you are not going 
to get the trusted certificates set up correctly. Weblogic's apis only 
seem to establish the trusted CAs if you go thru the SSLContext and not 
thru getDefault().

Is there anybody more knowledgable about this than me that can shed 
some light on this subject?

I know from using the apache soap whenever the outgoing SSL handshake 
takes place it aborts because the servers certificate is rejected 
because it is not trusted and I know that it's because weblogic doesn't 
know about any trusted certificates from it's trusted CA store. and a 
cursory glance at the weblogic api's suggest that it's because the 
apache soap code doesn't go thru SSLContext.