Generally, we use server keys provided by one of the common CAs that are in cacerts by default. I'm not sure if this is applicable to what you're doing.

You can add keys to any keystore (including cacerts) using the keytool command (common uses: http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html). Certificate validation is the responsibility of JSSE libraries. If you're trying to understand the ssl communication, you can turn on ssl debugging (-Djavax.net.debug=all) which may help elucidate what is actually happening for your code.

Hope that gets you going in the right direction,
Nate

-----Original Message-----
From: siva naresh [mailto:svu...@progress.com]
Sent: Wed 7/14/2010 1:41 AM
To: users@cxf.apache.org
Subject: Re: writing SSL webservice client

I also tried an example locally, where I generated certificates using keytool for the server and used the same certificate to invoke the server from the client using trustmanager in the following way.

<sec:trustManagers>
    <sec:keyStore type="JKS" password="password" file="truststore.jks"/>
</sec:trustManagers>

It worked fine. But this is not for production use. What changes do I need to make for production use? What is the way to put the server's public key in the client JDK's cacerts file? Does CXF have anything to make this automatically? Does CXF verify the authenticity of the server's public key with the CA?
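
Added example (not code from this thread or from CXF): a plain JSSE program that loads a trust store, lists the certificates JSSE will accept as trust anchors, and builds an SSLContext from them, which is the validation step the reply attributes to JSSE. The class name, the default path (the JDK's own cacerts) and the default password "changeit" are assumptions; pass a store such as truststore.jks and its password as arguments to inspect a dedicated store instead.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class name, used only for this illustration.
public class TrustStoreClient {

    // Load the store and let JSSE build its standard (PKIX) trust managers from it.
    static TrustManager[] trustManagersFor(File store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(store, password); // Java 9+, detects JKS or PKCS12
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // An SSLContext whose only trust anchors are the certificates in that store.
    static SSLContext contextFor(TrustManager[] tms) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null); // no client key material, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JDK's cacerts file and its stock password.
        String path = args.length > 0 ? args[0]
            : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        TrustManager[] tms = trustManagersFor(new File(path), password);
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] anchors = ((X509TrustManager) tm).getAcceptedIssuers();
                System.out.println(path + ": " + anchors.length + " trust anchor(s)");
                for (X509Certificate c : anchors) {
                    System.out.println("  " + c.getSubjectX500Principal().getName()
                        + "  (expires " + c.getNotAfter() + ")");
                }
            }
        }
        SSLContext ctx = contextFor(tms);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
        // ctx.getSocketFactory() can be passed to HttpsURLConnection.setSSLSocketFactory(...)
    }
}
```

A server certificate that does not chain to one of the listed anchors fails the handshake with an SSLHandshakeException, which is also what the -Djavax.net.debug=all output will show.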