The policy I attached in the last mail will cause the client to sign the Timestamp using the private key associated with the X.509 certificate. Client authentication then takes place on the receiving side by verifying the signature, and verifying trust in the signing cert. You don't have to add any interceptor, just specify a keystore or truststore on the receiving side that contains either the certificate of the client, or more commonly the certificate of some issuer of the client cert.
Colm. On Tue, May 22, 2012 at 11:29 AM, semecxf <diata.ke...@gmail.com> wrote: > Colm, > > How I do validate X509 certificate and authenticate user? > I did not find any interceptor for X509 certificate. > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Custom-X509TokenValidator-tp5708191p5708260.html > Sent from the cxf-dev mailing list archive at Nabble.com. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com