Re: Generating keystores and truststores for jwsdp-1.5 based on

From: Alessio Cervellin <>
Date: Tue, 5 Apr 2005 10:11:54 +0200 (CEST)

> ==========================
> Date: Tue, 05 Apr 2005 09:21:58 +1000
> From: jagan <>
> [CUT]
> application. When I try to generate keystore and truststore using
> keytool and openssl based on
> "", I am facing
> problems. As these stores are based on version 1 of x.509. I
> suspect
> XWS-Security requires V3 certificates.

Yes, AFAIK XWS requires V3 certificates (though I heard there has been some discussion in the past months within the OASIS working group about adding the support for x509v1)

> I will be grateful if any body could give me some details for
> establishing new certificates based on v3 .

If you are facing problems with keytool/openssl, the fastest way to get your target coulb be to use a frontend like "Keystore Explorer" (you can get a free trial somewhere on internet), then you can use its GUI to do the following steps:
1- create a new jks keystore
2- generate a new key pair
3- create a CSR bound to the previous key
4- send the CSR to some CA (e.g. you can do it for free from the Verisign site)
5- import the CA certificate (e.g. for Verisign you can download it from their site) in your trustore
6- import the certificate that will be sent back to you from the CA you sent the CSR to in your keystore