Hi All,

Both my web service and STS are running on different Tomcat instances and
are configured to run on https. When I run the CXF client, I was getting "PKIX
path building failed: SunCertPathBuilderException: unable to find valid
certification path to requested target.". So, I exported the Tomcat cert and
imported it into the Java keystore.

Then I was getting the following error message. I think that this is because my
Tomcat keystore uses CN as "localhost" while I am pointing to
"wkengchoi.global.sdl.corp" elsewhere. I was too lazy to create a Tomcat
keystore or to change my references to "wkengchoi.global.sdl.corp", so I
decided to set "disableCNCheck" to true.

Caused by: com.ctc.wstx.exc.WstxIOException: The https URL hostname does
not match the Common Name (CN) on the server certificate.  To disable this
check (NOT recommended for production) set the CXF client TLS configuration
property "disableCNCheck" to true

So, I added the following content to my cxf.xml on the client. I found two
problems here. First, should keyStore reference the Java keystore or
clientstore.jks?

   <http:conduit name="https://.*">
      <http:tlsClientParameters disableCNCheck="true">
        <sec:trustManagers>
           <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
        </sec:trustManagers>
      </http:tlsClientParameters>
   </http:conduit>

Second, with the above configuration, I am getting the following error message. It
looks like I need to add a schema file for the element "http:conduit". So,
I searched the CXF test files, but couldn't find it. I have spent several
hours dealing with this issue and am running out of time for today. Could
anyone tell me what the correct configuration for https on the client side is?

Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The
matching wildcard is strict, but no declaration can be found for element
'http:conduit'.

Thanks.

Gina
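
An added example, not part of the original post and not the CXF project's own file: a client cxf.xml that declares the http and sec namespaces together with their schema locations (their absence is the usual cause of "no declaration can be found for element 'http:conduit'"), with the post's disableCNCheck setting shown beside a variant that keeps the hostname check. The host-scoped conduit pattern and the reissued Tomcat certificate are assumptions, and the CXF HTTP transport jar is assumed to be on the client classpath.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: client-side cxf.xml. The http and sec namespaces and
     their xsi:schemaLocation pairs are what let the parser resolve
     http:conduit and sec:trustManagers. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd">

  <!-- Weak (development only): matches every https endpoint and skips the
       hostname check, so a certificate trusted by the store is accepted
       no matter which host presents it:
         <http:conduit name="https://.*">
           <http:tlsClientParameters disableCNCheck="true"> ...
  -->

  <!-- Hardened: scoped to the one host, hostname check left on (the default).
       Assumption: the Tomcat certificate has been reissued with
       CN/SAN = wkengchoi.global.sdl.corp. -->
  <http:conduit name="https://wkengchoi\.global\.sdl\.corp(:[0-9]+)?/.*">
    <http:tlsClientParameters disableCNCheck="false">
      <sec:trustManagers>
        <!-- Trust store: must contain the server certificate or the CA
             that issued it. clientstore.jks and cspass are the values
             from the post. -->
        <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
      </sec:trustManagers>
    </http:tlsClientParameters>
  </http:conduit>
</beans>
```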
