tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Cornett <adam.corn...@gmail.com>
Subject Re: How to bypass Check of SSL certificate ?
Date Fri, 30 Oct 2015 14:29:42 GMT
What I do for our test environments (which are using self signed certs) is
set the  javax.net.ssl.trustStore (and javax.net.ssl.trustStorePassword)
Java system properties to point to a keystore that has imported (and fully
trusted) the cert we're using in addition to the certs stored in the JRE's
root store.  That way I don't have to make any code modifications between
dev and prod.

On Fri, Oct 30, 2015 at 10:12 AM, jmb <jmb_bal@khiplus.fr> wrote:

> I am trying to invoke a Web Service over SSL, from a tomee 1.6 server, but
> I
> get a SSLHandshakeError. The problem is that the certificate is self
> signed,
> and is not recognized by my JVM. As it is only for test purpose, and not
> production, I have been asked to bypass the certificate control. I read a
> lot of stuff about how to proceed, and I have written two classes
> (NaiveSSLContext and NaiveSSLSocketFactory) which purpose is to replace the
> default check process.
> My problem is that I don't know how to tell tomme to use these classes. I
> have tried this one :
>
> /javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( new
> NaiveSSLSocketFactory());/
>
> but it doesn't work. My NaiveSSLSocketFactory is never called.
>
> I have read that CXF client had a little more configuration to do :
>
> /<http-conf:conduit name="*.http-conduit" >
>     <http-conf:tlsClientParameters
>         useHttpsURLConnectionDefaultSslSocketFactory="true"
>     />
> </http-conf:conduit>/
>
> I don't know how to proceed, because CXF is embedded inside Tomee, and I
> can't find any configuration file where to add this code.
>
>
>
>
>
> --
> View this message in context:
> http://tomee-openejb.979440.n4.nabble.com/How-to-bypass-Check-of-SSL-certificate-tp4676657.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
>



-- 
Adam Cornett
adam.cornett@gmail.com
(678) 296-1150

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message