Hello,
I'm trying to have my static stub JAX-RPC client communicate via SSL with a
remote web service. I'm setting the two system properties for specifying the
SSL trust store path and trust store password. The client is able to
successfully communicate via SSL when the remote web service's web server is
configured to not require client-side authentication (for example in tomcat
the configuration attribute 'clientAuth="false"' would be used). However,
when I turn on this attribute and require client-side authentication, the
JAX-RPC client fails to communicate successfully with the web service. Is
there anything else that must occur on the JAX-RPC client side when the
remote web server requires a client-side certification authentication? I'm
still new to SSL, so perhaps I have the basic concept confused. Do I have to
import another certification in the client-side keystore for this to work? I
looked in the java web services tutorial and they say that you need to
specify the following in web.xml:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
However, this is a standalone JAX-RPC client that isn't running within a web
container (thus there is no web.xml).
Am I missing something here? Thank you for any suggestions...
-- Ryan