I've got a Flex app which provides a front-end for doing basic CRUD db operations. The app is served up from a Tomcat/Blaze server using 2-way authentication and uses Java objects to do the server-side db work. Serving the app works fine. The problem arises when the data components in the app try to call back to the server to pull data from the db. The HttpService template needs to be https://... but the call cannot complete because Flex does not provide a certificate to the server as the browser does.
Using http://... works fine but then the db data is sent in the clear (which is very bad).
What is the standard way to solve this problem? Is there a way to get Flex to use the same cert that the browser provided?