cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan José Vázquez Delgado <>
Subject Custom KeyManager and TrustManager in TLS/SSL configuration
Date Thu, 09 Sep 2010 13:32:38 GMT

Currently I'm working in a web service client that has to deal with
authentication based on X509 certificates. Unfortunately, we don't
have file-based certificates, i.e. PKCS12 or JKS, but they are
embedded in smart cards.

Taking the Spring-based SSL configuration into account, how can we
configure our custom KeyManager and TrustManager?. It would be enough
with custom keyStore and certStore implementations?. It would be OK a
configuration like this?:

  <http:conduit name="{........}Service.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
          <bean class="MyCustomCertStore" />
          <bean class="myCustomKeyStore" />
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key change as
          this is vulnerable to man-in-the-middle attacks -->

Any suggestions will be appreciate. Thanks in advance,


View raw message