Hi Philippe,

I think you have to enable "client-auth" in the application server/servlet
container where you have deployed Axis2.

For example, in Tomcat, there is a parameter named "clientAuth" which is by
default set to "false" in the SSL Configuration section. By setting its value
to "true" you can force two-way authentication in the SSL handshake.

Thanks.
/thilina

Thilina Mahesh Buddhika
http://blog.thilinamb.com


On Mon, Nov 30, 2009 at 10:10 PM, Philippe A. <futhar...@gmail.com> wrote:

> I have successfully set up one-way HTTPS authentication between my web
> service client and server. The next step is to enable two-way auth but I'm
> having problems doing it.
>
> To make sure two-way auth kicks in, I wanted to have client auth fail on
> purpose. However, client requests are not rejected as planned.
>
> In axis2.xml, I have added the following:
>
>         <parameter name="truststore" locked="false">
>             <TrustStore>
>                 <Location>trust.jks</Location>
>                 <Type>JKS</Type>
>                 <Password>changeit</Password>
>             </TrustStore>
>         </parameter>
>         <parameter name="SSLVerifyClient">require</parameter>
>
> I voluntarily left the trust store empty. I have left services.xml
> unchanged, as well as my client.
>
> Can anyone tell me what I am missing?
>
> I'm using Axis2 1.4.1 and Rampart 1.4.
>
> Thanks!
>
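
An added example, not part of the original thread: a small audit of a Tomcat server.xml that reports which SSL connectors actually require a client certificate through the "clientAuth" attribute mentioned in the reply. The sample server.xml, its ports, paths and passwords are constructed, the function names are hypothetical, and the check assumes Tomcat 6-style connectors (SSLEnabled attribute, with "want" as the optional clientAuth value).

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (ports, paths and passwords are placeholders).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/server.jks" keystorePass="changeit"
               sslProtocol="TLS" />
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/server.jks" keystorePass="changeit"
               truststoreFile="conf/trust.jks" truststorePass="changeit"
               clientAuth="want" sslProtocol="TLS" />
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/server.jks" keystorePass="changeit"
               truststoreFile="conf/trust.jks" truststorePass="changeit"
               clientAuth="true" sslProtocol="TLS" />
  </Service>
</Server>
"""

def client_auth_mode(connector):
    """Classify one <Connector>: 'plain', 'none', 'optional' or 'required'."""
    if connector.get("SSLEnabled", "false").lower() != "true":
        return "plain"      # not an SSL connector, clientAuth does not apply
    value = connector.get("clientAuth", "false").lower()  # default is "false"
    if value == "true":
        return "required"   # handshake fails without a trusted client cert
    if value == "want":
        return "optional"   # cert is requested, but a missing cert is accepted
    return "none"           # one-way SSL: only the server is authenticated

def audit(server_xml):
    """Return {port: mode} for every connector in the given server.xml text."""
    root = ET.fromstring(server_xml)
    return {c.get("port"): client_auth_mode(c) for c in root.iter("Connector")}

def not_enforcing(server_xml):
    """Ports of SSL connectors that accept clients without a certificate."""
    modes = audit(server_xml)
    return sorted(p for p, m in modes.items() if m in ("none", "optional"))

if __name__ == "__main__":
    for port, mode in audit(SAMPLE_SERVER_XML).items():
        print(port, mode)
```

Only a connector reported as "required" rejects a client that presents no certificate, which is the failure the original question was trying to provoke.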
