users@glassfish.java.net

Re: Standalone EJB Client & SSL

From: <glassfish_at_javadesktop.org>
Date: Tue, 02 Mar 2010 06:21:10 PST

This is correct. The initial non-SSL interactions are to the name service to acquire the IOR. The IOR will contain the csiv2 mechanism definition derived from the ior-security-config that you configured for your ejb. It is this info that tells the client that it will be required to use SSL when it invokes the ejb.

I believe every domain includes additional iiop-listener port configs for one-way and mutual ssl. Depending on your domain configuration you may need to enable these listeners; then you would configure your client to define the corresponding orb initial port.

If the client intends to do one-way ssl, you should ensure that the client has been configured to use a truststore containing the cert/public key of the issuer of the (name) server certificate. If you configure your client to contact a port that requires mutual ssl, you will also have to configure the client's keystore and key alias.

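import java.util.Properties;
import javax.naming.InitialContext;

// Point the ORB at the iiop-listener port the client should contact (3820 here).
Properties p = new Properties();
p.put("org.omg.CORBA.ORBInitialPort","3820");
InitialContext ctx = new InitialContext(p);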

You can also do this by setting a system property, or by redefining the default jndi properties.
[Message sent by forum member 'monzillo' (ronald.monzillo_at_sun.com)]

http://forums.java.net/jive/thread.jspa?messageID=389618
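
The truststore and keystore requirements described in the message above can be checked before the client creates its InitialContext. The following is an added example, not code from the original post or from GlassFish: it reads the standard JSSE system properties (javax.net.ssl.trustStore, javax.net.ssl.keyStore and their password properties), and the class name and the use of the first command-line argument as the key alias are assumptions. It confirms that entries exist, not that the trusted certificate is the issuer of the server certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example (not from the original post): pre-flight check of the client's JSSE stores.
public class SslClientPreflight {

    // Opens the store named by a standard JSSE system property; returns null if it is unset.
    static KeyStore open(String pathProp, String passProp) throws Exception {
        String path = System.getProperty(pathProp);
        if (path == null) return null;
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, System.getProperty(passProp, "").toCharArray());
        }
        return ks;
    }

    // One-way SSL: count trusted-certificate entries (the server cert's issuer must be one).
    static int trustedCerts(KeyStore ts) throws Exception {
        int n = 0;
        for (String a : Collections.list(ts.aliases())) if (ts.isCertificateEntry(a)) n++;
        return n;
    }

    // Mutual SSL: the alias must name a private key together with its certificate chain.
    static boolean hasClientKey(KeyStore ks, String alias) throws Exception {
        return ks != null && ks.isKeyEntry(alias) && ks.getCertificateChain(alias) != null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed failure case, runs offline: an empty in-memory store has nothing to trust.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        System.out.println("empty store trusted certs: " + trustedCerts(empty));

        KeyStore ts = open("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword");
        if (ts == null || trustedCerts(ts) == 0) {
            System.err.println("FAIL: no truststore with trusted certificates is configured");
            System.exit(1);
        }
        System.out.println("truststore OK: " + trustedCerts(ts) + " trusted certificate(s)");
        if (args.length > 0) { // args[0]: key alias for mutual SSL (hypothetical CLI argument)
            KeyStore ks = open("javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword");
            System.out.println("client key '" + args[0] + "': "
                    + (hasClientKey(ks, args[0]) ? "OK" : "MISSING"));
        }
    }
}
```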