tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Cornett <>
Subject Re: How to bypass Check of SSL certificate ?
Date Fri, 30 Oct 2015 14:29:42 GMT
What I do for our test environments (which are using self signed certs) is
set the (and
Java system properties to point to a keystore that has imported (and fully
trusted) the cert we're using in addition to the certs stored in the JRE's
root store.  That way I don't have to make any code modifications between
dev and prod.

On Fri, Oct 30, 2015 at 10:12 AM, jmb <> wrote:

> I am trying to invoke a Web Service over SSL, from a tomee 1.6 server, but
> I
> get a SSLHandshakeError. The problem is that the certificate is self
> signed,
> and is not recognized by my JVM. As it is only for test purpose, and not
> production, I have been asked to bypass the certificate control. I read a
> lot of stuff about how to proceed, and I have written two classes
> (NaiveSSLContext and NaiveSSLSocketFactory) which purpose is to replace the
> default check process.
> My problem is that I don't know how to tell tomme to use these classes. I
> have tried this one :
> / new
> NaiveSSLSocketFactory());/
> but it doesn't work. My NaiveSSLSocketFactory is never called.
> I have read that CXF client had a little more configuration to do :
> /<http-conf:conduit name="*.http-conduit" >
>     <http-conf:tlsClientParameters
>         useHttpsURLConnectionDefaultSslSocketFactory="true"
>     />
> </http-conf:conduit>/
> I don't know how to proceed, because CXF is embedded inside Tomee, and I
> can't find any configuration file where to add this code.
> --
> View this message in context:
> Sent from the TomEE Users mailing list archive at

Adam Cornett
(678) 296-1150

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message