Configuring SSL Support
To configure you're client to use SSL, you'll need to add an <http:conduit> definition to your XML configuration file.
A "hello_world_https" sample can be found in the CXF distribution with more detail.
Here is a sample of what your conduit definition might look like:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<http:conduit id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
<http:sslClient>
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
<sec:KeystorePassword>celtixpass</sec:KeystorePassword>
<sec:KeyPassword>celtixpass</sec:KeyPassword>
<sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem</sec:TrustStore>
<sec:CiphersuiteFilters>
<!-- these filters ensure that a ciphersuite with
export-suitable but non-null encryption is used,
and prefers the stronger SHA over MD5 message digests -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_MD5</sec:exclude>
</sec:CiphersuiteFilters>
</http:sslClient>
</http:conduit>
</beans>
The first thing to notice is the "id" attribute on <http:conduit>. This allows CXF to associate this HTTP Conduit configuration with a particular WSDL Port. The id includes the service's namespace, the WSDL port name, and ".http-conduit". It follows this template: "{serviceNamespace}portName.http-conduit".