First, I haven't used any of the Axis2 HTTPS support you mentioned. I don't know if this is typical of Axis2 web services, but most references I've seen to SSL use the facilities of the app server and javax.net.
Couple of questions to get started: Is the "standard" SSL working (other than the client authentication)? Does your Tomcat config include clientAuth="true"? Does your Tomcat config include settings for keystorefile and keystorepass as well as truststorefile and truststorepass? On the server, the keystore contains the SSL certificate and the truststore contains the certificate *of the Certificate Authority that signed the certificate that the client is using for client authentication.* (I find this confusing - to keep it simple, I use the same keystore for both. Not a "best practice", I think). Does your client System.setProperty() for javax.net.ssl.trustStore, trustStorePassword, keyStore and keyStorePassword? Here. the keystore contains the SSL client authentication certificate and the truststore contains the certificate *of the Certificate Authority that signed the server SSL certificate*. Another useful property to set is javax.net.debug - set it to "ssl" to get a bunch of SSL diagnostics. I'm still pretty new to this stuff, so I'm not certain of this information (but it seems to work for us). Please jump in and correct me if I'm wrong! Anyway, I hope this helps. - Steve ______________________________________________ Steve Gruverman, Programmer IntelliCare, Inc. | A Medco Health Solutions Company 500 Southborough Drive | South Portland ME 04106 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
