> ==========================
> Date: Tue, 05 Apr 2005 09:21:58 +1000
> From: jagan <Jagan.Kommineni_at_infotech.monash.edu.au>
> [CUT]
> application. When I try to generate keystore and truststore using
> keytool and openssl based on
> "http://www.devx.com/Java/Article/10185/1954?pf=true", I am facing
> problems. As these stores are based on version 1 of x.509. I
> suspect
> XWS-Security requires V3 certificates.
Yes, AFAIK XWS requires V3 certificates (though I heard there has been some discussion in the past months within the OASIS working group about adding the support for x509v1)
> I will be grateful if any body could give me some details for
> establishing new certificates based on v3 .
If you are facing problems with keytool/openssl, the fastest way to get your target coulb be to use a frontend like "Keystore Explorer" (you can get a free trial somewhere on internet), then you can use its GUI to do the following steps:
1- create a new jks keystore
2- generate a new key pair
3- create a CSR bound to the previous key
4- send the CSR to some CA (e.g. you can do it for free from the Verisign site)
5- import the CA certificate (e.g. for Verisign you can download it from their site) in your trustore
6- import the certificate that will be sent back to you from the CA you sent the CSR to in your keystore