I have a client-server app that is required to communicate via SSL Mutual Authentication. Client and server both run on seperate Jboss instances on different hosts.
Based on what I gather, there are two ways of doing this authentication.
1. Leverage Jboss SSL authentication and set clientAuth=true in the HTTPS connector (server.xml)
2. Create my own SSLScoket and set useClientMode=false
Im using HTTPClient for creating connection between client and server. Does anyone know which method is better (or more secure) ?