HI,
I have discovered you do not need to use OpenSSL if you make sure your keystore password matches the Glassfish password.
I have attached a script that uses only keytool to create a keystore, import it into the Glassfish keystore, and create a client certificate, which you can hand off to a third party to access your service. In my case I have a vendor using .net and my generated certificate to access my secure Java web service.
[Message sent by forum member 'mpachis' (mpachis)]
http://forums.java.net/jive/thread.jspa?messageID=348530