For 1-way SSL, the client just needs to trust the server, so the client needs a truststore, and the server needs a keystore. For 2-way SSL, the server also needs to trust the client, so they both need a keystore and truststore configured, and the server policy must be configured to demand a client cert, e.g.:
<sec:clientAuthentication want="true" required="true"/> Colm. On Tue, Mar 8, 2011 at 5:32 PM, jaybytez <[email protected]> wrote: > Does CXF support two way SSL? And if so, is this done purely through the > configuration of http:conduit? > > Based on the following blogs, there is some good SSL information: > > http://aruld.info/programming-ssl-for-jetty-based-cxf-services/ > http://www.knowledgetip.com/index.php/home/software-development/1-java/32-sslauthentication > http://www.quendor.org/archiv/428#comments > > But I don't see anything that essentially describes 2-way SSL. > > The following is a snippet of my http:conduit...and I missing anything: > > > > > > > > > > > > .*_EXPORT_.* > .*_EXPORT1024_.* > .*_WITH_DES_.* > .*_WITH_NULL_.* > .*_RSA_.* > .*_DH_anon_.* > > > > > > Thanks, > > Jay > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF-Support-2-way-SSL-tp3414301p3414301.html > Sent from the cxf-user mailing list archive at Nabble.com. >
