You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Robert Nicholson <ro...@elastica.com> on 2005/03/12 17:03:51 UTC
Use SSLSocketFactory.getDefault() or SSLContext.getSocketFactory()
Hi,
I've got an issue at the moment and I want to clarify which approach
should be used to establish an outgoing socket connection from Weblogic
using either Axis or Apache Soap.
Currently some code based on apache soap is using SSLUtils.java to get
the SSLSocketFactory and it does so via SSLSocketFactory.getDefault()
In Weblogic this seems to be problematic because it seems to me that in
Weblogic unless you use SSLContext.getSocketFactory you are not going
to get the trusted certificates set up correctly. Weblogic's apis only
seem to establish the trusted CAs if you go thru the SSLContext and not
thru getDefault().
Is there anybody more knowledgable about this than me that can shed
some light on this subject?
I know from using the apache soap whenever the outgoing SSL handshake
takes place it aborts because the servers certificate is rejected
because it is not trusted and I know that it's because weblogic doesn't
know about any trusted certificates from it's trusted CA store. and a
cursory glance at the weblogic api's suggest that it's because the
apache soap code doesn't go thru SSLContext.