Yes, I've done this already but I used portecle... a GUI app that uses keytool I believe.
This is what I did:
1. generated new key pair in keystore.jks (alias localhost)
2. set up SSL listener on glassfish and tested it with localhost (no client authentication yet)
3. exported localhost with:
- export type=private key and certificates
- export format=PKCS#12
4. imported PKCS#12 into firefox and set FF to always ask to select a certificate
5. enabled client authentication on glassfish
6. accessed secure listener and was warned about the server certificate not being CA signed, but accepted it anyways. Then I should have been prompted for the client certificate, no? But I wasn't.
[Message sent by forum member 'black_lotus' ]
http://forums.java.net/jive/thread.jspa?messageID=371850