Configuring SSL

To configure the standalone HTTP transport to use SSL, you'll need to add an <http:destination> definition to your XML configuration file. See the Configuration guide to learn how to supply your own XML configuration file to CXF. If you are already using Spring, this can be added to your existing beans definitions.

Destinations in CXF are responsible for listening for server side requests.
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation=" http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<http:destination id="

GreeterImplPort.http-destination">
<http:sslServer>
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
<sec:KeystoreType>PKCS12</sec:KeystoreType>
<sec:KeystorePassword>celtixpass</sec:KeystorePassword>
<sec:KeyPassword>celtixpass</sec:KeyPassword>
<sec:WantClientAuthentication>true</sec:WantClientAuthentication>
<sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
<sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststore</sec:TrustStore>
<sec:CiphersuiteFilters>
<!-- these filters ensure that a ciphersuite with
export-suitable or null encryption is used,
but exclude anonymous Diffie-Hellman key change as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.EXPORT.</sec:include>
<sec:include>.EXPORT1024.</sec:include>
<sec:include>.WITH_DES.</sec:include>
<sec:include>.WITH_NULL.</sec:include>
<sec:exclude>.DH_anon.</sec:exclude>
</sec:CiphersuiteFilters>
</http:sslServer>
</http:destination>

</beans>