The <jsse> element of the <security-domain> in the configuration file is maybe the right place, but it seems to be ignored when I try to use it with client-auth enabled
I've made a few tests with a trustore and client-auth enabled, and remote calls works even with an untrusted certificate!!!
<jsse keystore-password="pass" keystore-url="file:/D:/jboss-as-7.1.1.Final/standalone/configuration/server.keystore" truststore-password="otherpass" truststore-url="file:/D:/jboss-as-7.1.1.Final/standalone/configuration/server.truststore" cipher-suites="TLS_RSA_WITH_AES_256_CBC_SHA" client-auth="true"/>
Any idea?