Richard Gomes [http://community.jboss.org/people/richard.anywhere] created the discussion
"Re: How can I do mutual SSL when using JBoss as Web service"
To view the discussion, visit:
http://community.jboss.org/message/570402#570402
--------------------------------------------------------------
As this is high on the Google search results for "jboss WS Client Mutual
Certificate" and doesn't have a posted resolution, I thought I'd post what I
did to get everything working.
The basic principle here is that BOTH the Web Service (WS) and the Web Service Client
(WS-C) need to have the other's key stored as "trusted". Specifically, the
following needs to be set ON BOTH SIDES:
-Djavax.net.ssl.trustStore=/home/dev/.truststore
-Djavax.net.ssl.trustStorePassword=changeit
Now, both sides also need their own keystore. The key of WS needs to be trusted by WS-C
and vice-versa. Set the following ON BOTH SIDES:
-Djavax.net.ssl.keyStore=/home/dev/.keystore
-Djavax.net.ssl.keyStorePassword=changeit
To get something up and running quickly, use the same keystore and truststore on both
sides ... even simpler, you can create a new keystore and simply copy the output file to
also become the truststore:
$JAVA_HOME/bin/keytool -genkey -alias jboss -keyalg RSA
cp .keystore .truststore
You can also do an explicit import to load a key into a truststore:
keytool -import -alias jboss -file certificate -storepass changeit -keystore .truststore
This all worked for me. If possible, please provide feedback on gotchas or success stories
relating to the above.
All the best,
Richard
--------------------------------------------------------------
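Added example, not part of the original post: a variant of the setup above in which WS and WS-C each get their own key pair and each truststore receives only the other side's exported certificate, so no private key ends up in a truststore or on the peer. The aliases (ws, wsc), file names, CN values and the helper function names are assumptions made for this example; the password is the sample value used in the post.

```shell
#!/bin/sh
# Added example: separate keystores for WS and WS-C, cross-trusted via certificates.
# Assumed names (not from the post): aliases ws/wsc, *.keystore, *.truststore, *.cer.

PASS=changeit   # sample password from the post; replace with a real secret

# make_party DIR NAME: create DIR/NAME.keystore with a fresh RSA key pair
# and export its public certificate to DIR/NAME.cer
make_party() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2.example.test" \
        -keystore "$1/$2.keystore" -storepass "$PASS" -keypass "$PASS" \
        >/dev/null 2>&1 &&
    keytool -exportcert -alias "$2" -rfc -file "$1/$2.cer" \
        -keystore "$1/$2.keystore" -storepass "$PASS" >/dev/null 2>&1
}

# trust_peer DIR NAME PEER: import PEER's certificate (public part only)
# into DIR/NAME.truststore
trust_peer() {
    keytool -importcert -noprompt -alias "$3" -file "$1/$3.cer" \
        -keystore "$1/$2.truststore" -storepass "$PASS" >/dev/null 2>&1
}

# count_entries STORE TYPE: print how many entries of TYPE the store holds
# (TYPE is PrivateKeyEntry or trustedCertEntry, as shown by keytool -list)
count_entries() {
    keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null | grep -c "$2"
}

# setup_mutual_tls DIR: build keystore and truststore for both sides
setup_mutual_tls() {
    make_party "$1" ws && make_party "$1" wsc &&
    trust_peer "$1" ws wsc && trust_peer "$1" wsc ws
}

# Run as: sh script.sh /path/to/output/dir
if [ "$#" -ge 1 ]; then
    setup_mutual_tls "$1" &&
    echo "ws.truststore private keys: $(count_entries "$1/ws.truststore" PrivateKeyEntry)"
fi
```

Each side is then started with the four -Djavax.net.ssl.* properties from the post pointing at its own keystore and truststore.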