...
A new feature starting in CXF 2.2.7 is the trustAllCertificates
attribute for this element. It defaults to false
, indicating that the SSL certificate will be checked against the X509TrustManager (if none is configured, the JVM's keystore is used), and failing if the certificate is not trusted (unknown Certificate Authority, etc). If set to true
(not recommended for production use), such checks will be bypassed. That will allow you, for example, to easily use a self-signed certificate during development.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
... <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit"> <!-- trust all certificates (self-signed certificate, etc) --> <!-- WARNING ! trustAllCertificates=true should NOT be used in production --> <http-conf:tlsClientParameters trustAllCertificates="true" /> ... </http-conf:conduit> ... |
...
A new feature starting in CXF 2.0.5 is the disableCNcheck
attribute for this element. It defaults to false
, indicating that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to true
(not recommended for production use), such checks will be bypassed. That will allow you, for example, to use a URL such as localhost
during development.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
... <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit"> <!-- deactivate HTTPS url hostname verification (localhost, etc) --> <!-- WARNING ! disableCNcheck=true should NOT be used in production --> <http-conf:tlsClientParameters disableCNcheck="true" /> ... </http-conf:conduit> ... |
...