For SSL/TLS client authentication (the client needs to present a certificate to the server), the following properties need to be set in the JVM software running the SSL/TLS client:
-Djavax.net.ssl.keyStore |
Defines the full path to the keystore containing the client certificate and private key. This may be the same as that defined in Server Certificate Authentication. |
-Djavax.net.ssl.keyStoreType |
Takes a value of JKS. |
-Djavax.net.ssl.keyStorePassword |
Specifies the password to the keystore. |
On the SSL/TLS server side, the client's CA certificate needs to be imported into the web container's keystore and marked as a trusted issuer of client certificates.