0

We needed to consume MOSS out-of-the-box web services hosted over the HTTPS protocol from a Java application running on WebLogic server. Do we need to import the SSL certificate of the MOSS website into WebLogic server, or can we simply bypass certificate validation? What is the best approach? We may need to support more than one web site, as more MOSS web sites can be configured in future.

Thanks.

skaffman

2 Answers

0

You can do that, or you can disable the SSL validation with a fake trust-manager. I think both subjects are described in this similar question:

Java client certificates over HTTPS/SSL

It can be a hassle to manage many SSL certificates: expiration, changed domains, changed issuer ++ If SSL is not that important to you, I say skip it.

Community
Tommy
0

Not necessarily. Your Java app will need to establish a chain of trust from the server cert to the JVM's own trusted CA certs. As long as a CA cert is available that starts that chain, you should be fine. If you self-sign certs, you will need to add your signing CA to Java's keystore. You do not need to import every server's certificate. Just the trusted CA certificate that signed them all, if it is not already trusted.

Import a root or intermediate CA certificate to an existing Java keystore:

keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
Chris Nava