[jboss-user] [JBoss Web Services] - Re: How can I do mutual SSL when using JBoss as Web service

Richard Gomes do-not-reply at jboss.com
Wed Nov 10 01:16:53 EST 2010

Richard Gomes [http://community.jboss.org/people/richard.anywhere] created the discussion

"Re: How can I do mutual SSL when using JBoss as Web service"

To view the discussion, visit: http://community.jboss.org/message/570402#570402

As this is high on the Google search results for "jboss WS Client Mutual Certificate" and doesn't have a posted resolution, I thought I'd post what I did to get everything working.

The basic principle here is that BOTH the Web Service (WS) and the Web Service Client (WS-C) need to have the other's key stored as "trusted". Specifically, the following needs to be set ON BOTH SIDES:


Now, both sides also need their own keystore. The key of WS needs to be trusted by WS-C and vice-versa. Set the following ON BOTH SIDES:


To get something up and running quickly, use the same keystore and truststore on both sides ... even simpler, you can create a new keystore and simply copy the output file to also become the truststore:

  $JAVA_HOME/bin/keytool -genkey -alias jboss -keyalg RSA
  cp .keystore .truststore

You can also do an explicit import to load a key into a truststore:

  keytool -import -alias jboss -file certificate -storepass changeit -keystore .truststore

This all worked for me. If possible, please provide feedback on gotchas or success stories relating to the above.

All the best,

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101110/f53287d5/attachment-0001.html 

More information about the jboss-user mailing list