Configuring SSL Support
To configure you're client to use SSL, you'll need to add an <http:conduit> definition to your XML configuration file. See the Configuration guide to learn how to supply your own XML configuration file to CXF. If you are already using Spring, this can be added to your existing beans definitions.
A "hello_world_https" sample can be found in the CXF distribution with more detail.
Here is a sample of what your conduit definition might look like:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<http:conduit id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
<http:sslClient>
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
<sec:KeystorePassword>celtixpass</sec:KeystorePassword>
<sec:KeyPassword>celtixpass</sec:KeyPassword>
<sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem</sec:TrustStore>
<sec:CiphersuiteFilters>
<!-- these filters ensure that a ciphersuite with
export-suitable but non-null encryption is used,
and prefers the stronger SHA over MD5 message digests -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_MD5</sec:exclude>
</sec:CiphersuiteFilters>
</http:sslClient>
</http:conduit>
</beans>
The first thing to notice is the "id" attribute on <http:conduit>. This allows CXF to associate this HTTP Conduit configuration with a particular WSDL Port. The id includes the service's namespace, the WSDL port name, and ".http-conduit". It follows this template: "{serviceNamespace}portName.http-conduit".