I was referring to your article available at the following link.

http://wso2.org/library/174

and

http://wso2.org/library/255

One thing that i need clarification on was that why do we need to import the client certifcate in to our key store when the consumer of the web service would provide it's certifcate in soap message itself.
I looked at the certifcates also which have been provided along with the samples of rampart and when i used the following command

keytool -list -v -keystore service.jks -storepass apache

i saw that there are three enteries

Alias name: service
Creation date: Jul 21, 2006
Entry type: keyEntry
Certificate chain length: 2

Alias name: ca
Creation date: Jul 21, 2006
Entry type: trustedCertEntry

Alias name: client
Creation date: Jul 21, 2006
Entry type: trustedCertEntry

so it shows that there exists a client certifcate too.
The key store still has the private key but it is hidden right?
what does Certificate chain length: 2 mean?

Now coming to the main question

We are getting our testing certificates from comodo (www.comodo.com)

they have mentioned the instructions to generate the key pair as follows

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,1

This article talks about using an openssl to create the key pair

now if i have to maintain a key store in the similar fashion described in your article how should we go about doing that?

I looked at the keytool utility provided by JDK and it does not show how to import the private key into the key store that would be generated from the link specified above. Any help would really be appreciated.

Thanks
Vibhor

_______________________________________________
Identity-dev mailing list
Identity-dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev