Two-Way SSL

As in one-way SSL, in two-way SSL the server presents a digital certificate to the client; unlike one-way SSL, in two-way SSL the client must present a digital certificate to the server before the SSL session is established.

To secure a web resource using two-way SSL, follow the procedures set out for securing a resource with one-way SSL. See One-way SSL for procedure details. To complete the process you must take the additional step of configuring WebLogic Server for two-way SSL, either through the WebLogic Server console or by directly editing the server's config.xml file.

For information on configuring two-way SSL through the WebLogic Server console see Configuring Two-Way SSL in the WebLogic Server 8.1 documentation.

You can also configure WebLogic Server for two-way SSL by directly editing the server's config.xml file. (config.xml is in your server's root directory. For instance, the config.xml file for SamplesApp, which is part of the Workshop domain, is located at BEA_HOME\weblogic81\samples\workshop\config.xml.)

You enable two-way SSL by setting the TwoWaySSLEnabled attribute to true in the <SSL> element of config.xml.

        <SSL Enabled="true" TwoWaySSLEnabled="true" IdentityAndTrustLocations="KeyStores"
            ListenPort="7002" Name="cgServer"/>

Note that enabling two-way SSL does not enforce two-way SSL. If you merely enable two-way SSL, the server will request a digital certificate from the client, but if one is not provided, the SSL session will continue.

You enforce two-way SSL by setting both the TwoWaySSLEnabled and ClientCertificateEnforced attributes to true.

        <SSL TwoWaySSLEnabled="true" ClientCertificateEnforced="true" Enabled="true"
            IdentityAndTrustLocations="KeyStores" ListenPort="7002" Name="cgServer"/>

For syntax details on the <SSL> element of config.xml see SSL in the WebLogic Server 8.1 documentation.
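
The enabled-versus-enforced distinction above can be checked mechanically. The following is an added example, not part of the WebLogic documentation: it reads a config.xml and reports, for each <SSL> element, whether client certificates are enforced, only requested, or not used. The posture labels, the function names and the srvB/srvC servers are hypothetical, and the script assumes that an attribute missing from <SSL> counts as false.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): srvB and srvC are made-up servers.
SAMPLE_CONFIG = """\
<Domain Name="workshop">
  <Server Name="cgServer">
    <SSL Enabled="true" TwoWaySSLEnabled="true" ClientCertificateEnforced="true"
         IdentityAndTrustLocations="KeyStores" ListenPort="7002" Name="cgServer"/>
  </Server>
  <Server Name="srvB">
    <SSL Enabled="true" TwoWaySSLEnabled="true" ListenPort="7012" Name="srvB"/>
  </Server>
  <Server Name="srvC">
    <SSL Enabled="true" ClientCertificateEnforced="true" ListenPort="7022" Name="srvC"/>
  </Server>
</Domain>
"""


def _flag(elem, attr):
    # Assumption: an absent attribute counts as false.
    return elem.get(attr, "false").strip().lower() == "true"


def classify_ssl(elem):
    """Return the client-certificate posture of one <SSL> element."""
    if not _flag(elem, "Enabled"):
        return "ssl-disabled"
    two_way = _flag(elem, "TwoWaySSLEnabled")
    enforced = _flag(elem, "ClientCertificateEnforced")
    if two_way and enforced:
        return "two-way-enforced"
    if two_way:
        return "two-way-requested-only"  # session continues without a client cert
    if enforced:
        return "enforce-flag-without-two-way"  # page requires both to be true
    return "one-way"


def audit_config(xml_text):
    """Map each <SSL> element's Name to its posture."""
    root = ET.fromstring(xml_text)
    return {e.get("Name", "?"): classify_ssl(e) for e in root.iter("SSL")}


if __name__ == "__main__":
    for name, posture in audit_config(SAMPLE_CONFIG).items():
        print(f"{name:10} {posture}")
```

Any server reported as two-way-requested-only or enforce-flag-without-two-way still accepts clients that present no certificate.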

When a web resource resides in a server that enforces client certificates, the client can send the certificate by modifying properties on the resource's control file. See Using Controls to Access Transport Secured Resources for details.

Testing Two-Way SSL

When testing client certificates, you may want to use a browser other than the Workshop Test Browser, since doing so lets you control which client certificates are used. To change the browser used in testing, select Tools-->IDE Properties. In the IDE Properties dialog, click Browser. In the Browser path field, enter the path to the browser you wish to use, for example, C:\Program Files\Internet Explorer\iexplore.exe. Also, ensure that the Use integrated browser for debugging check box is unchecked.

Related Topics

WebLogic Workshop Documentation

Security

Transport Security

One-way SSL

WebLogic Server 8.1 Documentation

Configuring Two-Way SSL