In the meanwhile I was able to enforce mutual ssl when calling the second EJB directly from the client by setting the deployment descriptor elements accordingly:
[code]
<ior-security-config>
<transport-config>
<integrity>[b]required[/b]</integrity>
<confidentiality>[b]required[/b]</confidentiality>
<establish-trust-in-target>
supported
</establish-trust-in-target>
<establish-trust-in-client>
[b]required[/b]
</establish-trust-in-client>
</transport-config>
<sas-context>
<caller-propagation>supported</caller-propagation>
</sas-context>
</ior-security-config>
[/code]
But only after creating my own certificate which I put in a keystore that i referenced as key- and truststore on both sides.
But still activating clientAuth in the certificate realm does not change the behaviour at all. Any ideas where I can get more detailed information about this?
Cheers,
Chris
[Message sent by forum member 'candlejack' (candlejack)]
http://forums.java.net/jive/thread.jspa?messageID=305944