I created a JAXWS webservice from wsdl using wsdlc ANT task and deployed in Weblogic 10.3.0. And we have Sun one Java Server 7.0 where Verisign Server certificate is installed and configured to forward the webservice requests to weblogic.

I created a JAXWS client using wsimport ant task to invoke the webservice. When running the client using https URL I can see xml request in weblogic and webservice is processed successfully. But I couldnt able to find any evidence of x509 certificate in the xml request/response. Do I need to do anything on the client side apart from generating the stubs using wsimport? FYI when viewing the wsdl through the browser I can see the certificate details through the browser.

What you connect to WebService via HTTPS, your client and server do x509 certificate exchange. This is something performed on connection level, wsimport has nothing to do with that. If you want to use x509 certificates on that level, you need to dig into Java HTTPS client certificate authentication / Java client for the X.509 secured web-service and on the server side Securing WebLogic Server: Configuring SSL.

Alternatively you can step one level down: use HTTP protocol to connect to server and perform encryption / signing / authentication on SOAP level. Then refer User authenticate in SOAP or Using JAX-WS-Based Web Services with SSL for Metro/JAX-WS services, WS-Security for Apache CXF, Spring Security With X.509 Certificate for Spring Security – depending on what framework you will choose.

I am able to verify the SSL handshake using -Djavax.net.debug=all. I didnt modify my client to include truststore and it is not needed if the certificate is signed by a trusted CA.