Okay, now I am completely stumped.
I spent the last days trying all kinds of stuff and just now I decided to go back to my starting point and restart from there. So I set up my client to call the second EJB directly without using the caller EJB, removed clientAuth from the certificate realm and set all transport-config properties in sun-ejb-jar.xml to supported in order to allow access without SSL.
Now I was able to call the EJB without sepcifying key- and truststores on client side, as expected. So I added the clientAuth property to certificate realm again. Still no trust- or keystored defined in the clients VM parameters. And the call STILL succeeds!!
Can anyone explain this to me? I thought activating client auth enforces two way ssl and since the client has no keystore and more important does not reference the truststore containing the servers certificate that call should fail miserably. But it does not. I am really lost here any help welcome.
Thanks, Chris
[Message sent by forum member 'candlejack' (candlejack)]
http://forums.java.net/jive/thread.jspa?messageID=304532