Hello everybody. I've tried to configure Jboss to use RMI over SSL to access my Session beans. It works fine only that way, the server sends it's certificate key to the client and client must have it in it's trust store, but the client isn't required to send it's certificate key to the server and server doesn't control it. Could you please help me? What am I doing wrong? The service XML file deployed on server: | <?xml version="1.0" encoding="UTF-8"?> | <server> | | <!-- The SSL domain setup --> | <mbean code="org.jboss.security.plugins.JaasSecurityDomain" | name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL"> | <constructor> | <arg type="java.lang.String" value="RMI+SSL"/> | </constructor> | <attribute name="KeyStoreURL">d:/jboss-4.0.4.GA/server/suc/certs/ServerKeyTrust.jks</attribute> | <attribute name="KeyStorePass">password</attribute> | <attribute name="TrustStoreURL">d:/jboss-4.0.4.GA/server/suc/certs/ServerKeyTrust.jks</attribute> | <attribute name="TrustStorePass">password</attribute> | <attribute name="ManagerServiceName">jboss.security:service=JaasSecurityManager</attribute> | </mbean> | | <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" | name="jboss.security:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true"> | <attribute name="RMIObjectPort">14445</attribute> | <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory | </attribute> | <attribute name="RMIServerSocketFactoryBean" | attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory" | serialDataType="javaBean"> | <property name="bindAddress">${jboss.bind.address}</property> | <property name="securityDomain">java:/jaas/RMI+SSL</property> | <property name="wantsClientAuth">true</property> | <property name="needsClientAuth">true</property> | </attribute> | <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends> | </mbean> | </server> | Part of the definition in jboss.xml in my deployed application: | <session> | <ejb-name>SlSbModule</ejb-name> | <jndi-name>ejb/SlSbModule</jndi-name> | <local-jndi-name>SlSbModuleLocal</local-jndi-name> | <invoker-bindings> | <invoker> | <invoker-proxy-binding-name> | stateless-ssl-invoker | </invoker-proxy-binding-name> | </invoker> | <call-logging>true</call-logging> | </invoker-bindings> | </session> | ... | <invoker-proxy-bindings> | <invoker-proxy-binding> | <name>stateless-ssl-invoker</name> | <!-- invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean --> | <invoker-mbean>jboss.security:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true</invoker-mbean> | <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory> | <proxy-factory-config> | <client-interceptors> | <home> | <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor> | <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> | <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor> | <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> | </home> | <bean> | <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor> | <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> | <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor> | <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> | </bean> | </client-interceptors> | </proxy-factory-config> | </invoker-proxy-binding> | </invoker-proxy-bindings> | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993308#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...