Hey,

Looking at the Summer '08 Apex dev guide re setting up two-way SSL in WebSvc callouts.  The instructions are as follows (pp. 144-146 of the guide):

1. Set up your Web server to request the SSL client certificate.
2. Generate a PKCS12 key store with your client certificate.
3. Verify that the server's trust keystore contains/accepts your client certificate
4. Encode your client certificate keystore in base64 and assign it to a variable on the stub (in this case, clientCert_x).

Steps 1 thru 3 are done on the web server (the callout endpoint), is that correct?

Step 4 is the key one.  There's an example in the doc right after these steps, that purports to work with the sample WSDL file shown a page or two further down.  The example refers to two stub variables:  'clientCert_x' (as in the instructions) and 'clientCertPasswd_x'.  These are nowhere to be found in the sample WSDL nor its derived Apex stub class.

Presumably these variables, minus the '_x' suffixes, need to appear in the WSDL from the WebSvc endpoint as header variables, is that correct?  Is this something that falls naturally out of the first three steps above (plus a re-generation of the WSDL itself)?  You can't just go in and modify the stub class and add these variables manually, surely, as they will have no meaning to whatever consumes the class.

Thanks!  Would like to hit the ground running on this, when Summer '08 makes its production debut.

-philbo