This is sort of an extension of this thread:
9330064
Although you don't need to read that thread to understand the question.
Our Java client uses JAX-WS to communicate via SOAP to a server. We're using HTTPS to secure the communication. This all works fine on our production systems, where the sites have real certs signed by a legit CA.
However, in our testing and development environments, we have a bunch of web servers with self-signed certs for testing against. Unfortunately, JAX refuses to connect to these servers, which makes testing and development a problem.
I've spent a lot of time researching SSLContexts and the like, but I can't seem to figure out how to set the default behavior to connect without any regard for validity. Basically, if the application detects that it's running in a test or development environment, just disable all checks for all SSL activity. Accept and trust any cert. Don't worry about whether the cert matches the hostname. Etcetera.
It seems as if the problem is specific to JAX, since the generated classes do all the socket setup, and I can't find a way to either communicate to the generated classes that they should ignore cert problems, or override the parts of the classes that need overridden, or set the default behavior.
I'd prefer not to require that everyone who develops or tests the software install certs into a keystore. Since these are development and testing servers, they tend to change without warning, and anyone can generate a new self-signed cert at any time, and I want to allow those things to happen with as little disruption as possible.
Also, I couldn't find a JAX-WS specific forum. Does anyone know of a more appropriate place to ask this question?