
Invoke a secured CA https SOAP service with a CXF client

I'm trying to invoke a SOAP service published on a secured server (Apache/Tomcat with SSL and CA configured).

The service expects a .P12 (PKCS#12) certificate to handle authorization.

My test using SOAPUI works well (service invoked and returned the correct result).

I guess I have to deal with KeyTool to load the certificate within my keystore, but I'm not able to figure it out correctly.

In addition to that, SOAPUI is running on top of a JVM, with no need to load any certificate within the JRE keystore (as it just needs to point to the P12 certificate), so I think that there's a way to "load" the certificate on demand at invocation time?

After some investigation, it seems that there are some CXF configurations to do (documentation).

Code: GitHub repository

VM arguments:

-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStore=c:/job/CDBXXX-XXXXX.p12
-Djavax.net.ssl.keyStorePassword=******

Logs (more here):

main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException:     
   sun.security.validator.ValidatorException: PKIX path building failed:      
   sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid     
   certification path to requested target
main, called close()
main, called closeInternal(true)

Thanks

javax.net.ssl.SSLHandshakeException means that you have one of these problems:

  1. The client key is not signed by one of the CAs in the server trust store.
  2. The client key is signed by an intermediate CA and you don't have the full CA chain in the server trust store.
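
As an added example (not code from the question, the answer, or the linked repository): one way to load the P12 at invocation time is to set TLS parameters on the CXF client's HTTP conduit, which supplies both the client identity and the trust anchors used to validate the server, instead of JVM-wide `-Djavax.net.ssl.*` properties. It assumes CXF is on the classpath and that the caller passes a JKS trust store holding the server's issuing CA; the class name `CxfMutualTls`, the method names and all paths are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

public final class CxfMutualTls {

    /** Loads a keystore file of the given type ("PKCS12" or "JKS"). */
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Configures a single CXF client proxy for mutual TLS; JVM defaults are untouched. */
    public static void configure(Object port, String p12Path, char[] p12Password,
                                 String trustPath, char[] trustPassword) throws Exception {
        // Client identity: the private key and certificate chain inside the .p12.
        // Assumption: the key entry uses the same password as the store.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(p12Path, "PKCS12", p12Password), p12Password);

        // Trust anchors: the CA certificate(s) that issued the server's certificate.
        // Without these, server validation falls back to the JRE default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath, "JKS", trustPassword));

        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());
        // Hostname verification is left enabled (disableCNCheck is not set).

        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(tls);
    }
}
```

Call `configure(...)` on the generated port object before the first service invocation, so the handshake uses these parameters.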
