Which steps should be taken to consume a web service on a remote server over SSL? The application is a Java application using Axis WS Framework running on Tomcat 6.
I'm aware of e.g. the instruction on http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html, which, however seem to mainly describe how to configure the server to accept SSL requests.
For client connections, it's just like SSL for any other Java application. The fact that it's running in Tomcat doesn't make a difference.
You'll need to specify the correct "https:" endpoint for the web service. If this wasn't the default in the WSDL when you generated the web service client API, you can use an alternate constructor that takes a URL parameter.
If the web service you are accessing doesn't have a certificate issued by a "real" authority that's already recognized by the runtime, you'll need to specify a trust store. The easiest way to do this is by adding the "javax.net.ssl.trustStore" system property when launching the application.
Two common approaches here:
http://ws.apache.org/xmlrpc/ssl.html
WebLogic has its own stuff:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/SSL_client.html#wp1029670
