Well, I'm not sure if that helps :) Everything works fine when clientAuth is set to true, and I can see in the logs that the server requests a client certificate and that the client provides its certificate. So I'm not sure why what's described in the link you sent me wouldn't be needed in this case but would be needed when clientAuth is set to false and the <security-constraint> is added to the web.xml... I'm working on httpclient only client, trying to find out if the server doesn't request a certificate or if the client doesn't send it... I'll send an update asap.
Any idea is welcome in the meantime :) Thanks, -Phil On Tue, Jun 15, 2010 at 1:12 PM, robert lazarski <[email protected]>wrote: > On Tue, Jun 15, 2010 at 7:10 AM, Philippe Frangioni <[email protected]> > wrote: > > Hi all, > > We're using Axis2 > > 1.5.1 and the container we use is Tomcat 6. > > We want to set up Mutual SSL authentication. So we started with > > authenticating the server and it went fine. > > - The server has its own keystore (self signed certificate) and Tomcat > has > > an SSL connector. > > - If we make a web service call with a browser, it's refused until we > > decide to trust the certificate. > > - If we make a web service call with our java client (using a > > RPCServiceClient), it's refused. > > - If we provide a truststore to our java client using > > -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword, the > call > > works fine. > > > Does this help? > > http://ws.apache.org/axis2/1_5/http-transport.html#httpsupport > > - R > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
