1

I want to connect to a soap-webservice that is accessed via https and provides an SSL-Server-Certificate TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS 1.2.

Via webbrowser, I'm asked to accept the certificate before I can view the wsdl.

How can I implement this in java, using cxf 3 and spring 4? Probably it has to do with HTTPConduit and TLSClientParameters? But I don't have any client certificate I could provide.

I cannot use xml-configuration files, it must be possible programmatically.

membersound

1 Answer

1

Since your browser asks you to accept the certificate, I assume it is not signed by a trusted certificate authority. In that case, you need to download the certificate and import it to the Java "keystore" - the repository of trusted certificates.

See this response on how to import the certificate to the keystore.

Then, you just use the https:// protocol for your WS endpoint.

Adam Michalik
  • Is there a way to provide the certificate programmatically? (I cannot add it to the java keystore directly). – membersound Sep 10 '15 at 12:45
  • 1
    Can you elaborate why you cannot do that? If it is forbidden by your server administrator, you should rather discuss with her/him the issue and convince that it is needed to adjust the default keystore to include the WS certificate. Any other solution, even if it works, may be against your company security policies. – Adam Michalik Sep 10 '15 at 12:57
  • It is indeed because of company security policies, and the fact that the application will be moved several times to a new machine, and always having to reinstall the required certificate is probably bug-prone. – membersound Sep 10 '15 at 13:07
  • Still, trying to "work around" the policy can get you into more trouble than the annoyance of an additional step in environment setup. But - on your own responsibility - here's a question about a programmatic configuration of the SSLSocketFactory, TrustManager and an embedded keystore: http://stackoverflow.com/questions/3247746/java-loading-ssl-keystore-via-a-resource – Adam Michalik Sep 10 '15 at 13:54
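
The programmatic route the last comment points to, sketched for CXF's `HTTPConduit` and `TLSClientParameters` as an added example that is not part of the original posts: it trusts only the certificates in a truststore bundled with the application and leaves hostname verification on. The class name, the resource name `/ws-truststore.jks`, the JKS format and the way the password is supplied are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

/** Hypothetical helper: pins a CXF client to an embedded truststore. */
public final class PinnedTrustConfigurer {

    // Assumed resource: a JKS file on the classpath holding only the web
    // service's certificate, e.g. created once with
    //   keytool -importcert -alias ws -file server.crt -keystore ws-truststore.jks
    private static final String TRUSTSTORE_RESOURCE = "/ws-truststore.jks";

    private PinnedTrustConfigurer() { }

    /** @param port the JAX-WS proxy returned by the generated service class */
    public static void trustEmbeddedCertificate(Object port, char[] storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in =
                PinnedTrustConfigurer.class.getResourceAsStream(TRUSTSTORE_RESOURCE)) {
            if (in == null) {
                throw new IOException("Truststore not on classpath: " + TRUSTSTORE_RESOURCE);
            }
            trustStore.load(in, storePassword); // also verifies the store's integrity
        }
        if (trustStore.size() == 0) {
            // Fail at startup rather than at the first TLS handshake.
            throw new GeneralSecurityException("Truststore contains no certificates");
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(tmf.getTrustManagers()); // replaces the JVM default trust
        tls.setSecureSocketProtocol("TLSv1.2");
        // disableCNCheck keeps its default (false): the hostname is still verified.

        Client client = ClientProxy.getClient(port);
        ((HTTPConduit) client.getConduit()).setTlsClientParameters(tls);
    }
}
```

Because the hostname check stays enabled, the certificate's subject or subject alternative name must match the host in the endpoint URL.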