users@glassfish.java.net

How to establish trust between two GFv2 servers?

From: <glassfish_at_javadesktop.org>
Date: Thu, 09 Oct 2008 05:02:57 PDT

Hi all,

I am trying to set up two GFv2 servers so that a trust is created between those two. According to documentation and several inet resources this can be achieved by setting up mutual ssl between those two servers.

To achieve this I set the clientAuth property in the certificate realm of the second server (the callee) to true. That way mutual ssl is enforced for all applications and the corresponding settings in the deployment descriptors of my test EJBs do not matter anymore, right?

Now the servers have to trust each other's certificates, so I set the truststore properties of each server to the keystore.jks file used by the other server, since keystore.jks contains all keys and certificates used by the server.

But so far I could not make a successful call to the EJB on the callee side, instead after setting javax.net.debug=ssl:handshake I see certificate_unknown messages in the server logs when the ssl handshake should take place. I have been trying several combinations of key- and truststores using keystore.jks and cacerts.jks (whereas the latter should not be necessary as far as I understood) but still no joy.

Does anyone have a clue what I am doing wrong here?

Cheers,
Chris

P.S: In case it matters, both GFv2 instances are running on the same machine and I set the ports of the callee instance to the 1500 port range (1548,1537,1538,1539..). In the caller EJB I set InitialHost to localhost and InitialPort to 1537.
[Message sent by forum member 'candlejack' (candlejack)]

http://forums.java.net/jive/thread.jspa?messageID=304266