we are having bit of good-old "certificate nightmare".
Customer has a RESTful WS running on a server, certificates are issued for clients which want to communicate with that server. We have made Keystore(containing ClientCert) and Truststore (containing public keys of our customer's CAs).
we added general JVM properties when starting tomcat
When I create a service which tries to LoadXML from URL (https) I am getting an error (basically 403). And by looking vie Wireshark it seems that Keys are not exchanged during the negotiation phase. Same if I choose to ignore SSL errors (just to test if CAs are failing to recognize the Server as trusted).
Buttomline, Thingworx servise should act as a Client of that WS, where is the catch when including client certificate for Thingworx to authenticate against other servers?