Hi, How the Websphere truststore on PROD environment looks like? Are the certificates stored in JKS file?
If you have to use other API to access Websphere truststore, likely you need to implement own Crypto provider (like merlin) and register it using SecurityConstants.SIGNATURE_CRYPTO property. Regards, Andrei. > -----Original Message----- > From: jeffc [mailto:jeff_carbe...@bcbsil.com] > Sent: Montag, 6. Oktober 2014 18:42 > To: users@cxf.apache.org > Subject: Point CXF to Websphere truststore for certs? > > I get ws-security's signature validation via CXF working on my service in > local > Websphere when using org.apache.ws.security.crypto.merlin.file > property pointing to a file based JKS that contains my companies CA root and > issuer certs. > > But when I deploy to our Prod environment I would like to have CXF use the > Websphere truststore that contains these, but I can't seem to get that to work > by default when I remove my JKS file. I have tried several approaches. > Even tried adding the certs to CellDefaultTrustStore > Signer certificates in > Websphere but that did not seem to work either. > > What is the correct approach? Is there a setting to make in Websphere? > I am using the latest CXF 2.7.11 and Websphere 8.5 > > I know that we have the DisableIBMJAXWSEngine=true in Websphere since > CXFServlet is handling this so not sure how a Websphere based ws-security > setting would control this though. > > I am really hoping there is a default way to get this working as I would think > that having to set the org.apache.ws.security.crypto.merlin.file > property to have a hard coded path to truststore file on WAS server is not > ideal. > > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/Point-CXF-to- > Websphere-truststore-for-certs-tp5749478.html > Sent from the cxf-user mailing list archive at Nabble.com.
