May be I didn't produced my testkeys correctly ? :
keytool -genkey -keystore testkeys

Thanks again for your help !


you probably did, but i think you must add your client certificate the server truststore, but i might have misunderstood this page : (the part about "Creating a Client Certificate for Mutual Authentication" might be of interest to you.
I have build a client that connect "securely" to a secure server using inspiration from code from this url :
(in the Code appendix)

here is the code, modified somehow to get it to connect in a way that the client or the server would not throw an exception

public static void main(String args[]) {
        //String login = "pascal"; //from the original code
        //String password = "mimas";
        //String handle = "";
        SecureXmlRpcClient xmlrpc ;
        try {
            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            TrustManagerFactory t = TrustManagerFactory.getInstance("SunX509");
            char[]password ="trustword".toCharArray();
            KeyStore k=KeyStore.getInstance("JKS");
            k.load(new FileInputStream("truststore"),password);
            sc.init(null, t.getTrustManagers(), new;
   hv=new {
                 public boolean verify(String hostname, SSLSession session) {
                     System.out.println("hostname: "+hostname +" vs "+session.getPeerHost());
                     /* this part is commented out because it doesn't do anything [useful / that would work] anyway
                     try{Certificate[] c1 = session.getPeerCertificates();
                         for (int i = 0; i<c1.length;i++ ){System.out.println("public key : "+c1[i].getPublicKey());}}
                     catch(Exception e){e.printStackTrace();}*/
                     System.out.println("WARNING: Hostname is accepted by default(and not even matched for.)");
                     return true;}
            System.out.println("creating URL");
            URL url = new URL("");
            System.out.println("trying to connect to the server securely");
            xmlrpc = new SecureXmlRpcClient(url);
} catch (Exception e) {
//do something to fill the v2 vector
Integer result = (Integer) xmlrpc.execute("addition",v2);
                System.out.println("Java client : " + result);
catch (Exception e)

If there is some error in the code, all comments are welcome.
The part about the hostname verifier is highly dubious anyway, so if you have a better idea, I'm open minded.

On a similar topic, I think writing a tutorial on how to get the f@!:/| Secure xml rpc client and server to work would be a very good idea.