Finally I think I've solved my problem.
Initially I thought that the client needs to have the transport binding assertion in its policy in order to communicate with the webservice over SSL. I also thought that without such an assertion ramp:sslConfig statements will be ignored.
The truth is that you don't need transport binding assertions to make it possible to communicate over SSL; you need them to make it required. If there are no such assertions in your client's policy, but the endpoint requires an SSL connection, the client will still try to establish it and, if necessary, look for the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword variables configured in the policy's ramp:sslConfig tags, or in other ways (via JVM arguments, or programmatically).
So in my case the solution was to leave the asymmetric binding assertion unchanged and only configure the trustStore, without adding any transport binding assertion.
Still, it remains unclear to me why Rampart wouldn't let you use the two kinds of assertion in one policy.
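
As an added example (not part of the original post), here is one way to do the programmatic variant mentioned above: load the trust store first so that a wrong path or password fails immediately, then set the two properties. The class name, method name and command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Hypothetical helper class; not part of Rampart or Axis2.
public class TrustStoreSetup {

    // Verifies the trust store opens with the given password and holds at least
    // one trusted certificate, then sets the JSSE properties the post refers to.
    // Returns the number of trusted certificate entries found.
    static int configureTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // throws on a wrong password or corrupt file
        }

        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                trusted++;
            }
        }
        if (trusted == 0) {
            // An empty trust store would make every server certificate fail validation.
            throw new IllegalStateException("no trusted certificate entries in " + path);
        }

        // Same effect as the JVM arguments
        //   -Djavax.net.ssl.trustStore=<path> -Djavax.net.ssl.trustStorePassword=<password>
        // Set these before the first SSL connection: the default SSLContext
        // reads them once when it is initialised.
        System.setProperty("javax.net.ssl.trustStore", path);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(password));
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = trust store path, args[1] = trust store password (placeholders)
        int n = configureTrustStore(args[0], args[1].toCharArray());
        System.out.println(n + " trusted certificate(s) loaded");
        // ... create the Axis2/Rampart client and invoke the service after this point
    }
}
```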