2 Replies Latest reply on Oct 30, 2006 1:15 PM by fguagnel

    WS-Security keystore and truststore

    acxjbertr

      Can anyone provide information on how to generate the keystore and truststore for WS-Security?

      I have an example working with the wsse.keystore and wsse.truststore (that come in the JBossWS sample) which requires an x509v3 signature on the Web Service invocation, but now I want to create my own.

      Questions I have:


      Do I need to use openssl or Sun's keytool?
      When I generate my x509v3 cert, where do I put it? In the keystore or in the truststore?
      What exactly is the keystore for?
      Do the client and the server use the same keystore and truststore?


      Thanks!

        • 1. Re: WS-Security keystore and truststore
          jason.greene

          The keystore is your identity, so you put your cert in the keystore. The truststore contains all of the certs that you allow to talk to you.

          There is a good wiki page that talks about this from an SSL standpoint, but WS-Security is largely the same.

          http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup

          -Jason

          • 2. Re: WS-Security keystore and truststore
            fguagnel

            Hi Jason!
            I have a big difficulty with JBoss WS-Security.
            If I use another keystore and truststore, the exception is "Path does not chain with any of the trust anchors".
            The steps I followed to create the truststore and the keystore are:

            1. keytool -genkey -v -keyalg RSA -keystore KeyStore.keystore

            2. keytool -selfcert -keystore KeyStore.keystore

            3. keytool -certreq -file client.crs -keystore KeyStore.keystore

            3. openssl ca -in client.crs -out client.pem -keyfile ca.key

            4. openssl x509 -in client.pem -out client.cer

            5. keytool -import -file client.cer -keystore TrustStore.truststore

            Where is my mistake?
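Added example, not part of the thread or of JBossWS: a shell sketch of the layout jason.greene describes, where each party's keystore holds its own key pair and each truststore holds the peer's exported certificate, plus a check that the certificate a party signs with is the one its peer trusts. The aliases, file names, password and the use of self-signed certificates are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo values: aliases, file names and password are assumptions.
PASS=changeit

# Keystore = identity: private key plus its own (here self-signed) certificate.
make_identity() {   # $1 = party name -> $1.keystore and exported $1.cer
  keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$1, O=Example" -keystore "$1.keystore" \
    -storepass "$PASS" -keypass "$PASS" &&
  keytool -exportcert -alias "$1" -file "$1.cer" \
    -keystore "$1.keystore" -storepass "$PASS"
}

# Truststore = certificates of the peers this party accepts (public part only).
trust_peer() {      # $1 = truststore owner, $2 = peer to trust
  keytool -importcert -noprompt -alias "$2" -file "$2.cer" \
    -keystore "$1.truststore" -storepass "$PASS"
}

# Prints PrivateKeyEntry or trustedCertEntry; prints nothing if the alias is absent.
entry_type() {      # $1 = store file, $2 = alias
  keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null |
    grep -o -e PrivateKeyEntry -e trustedCertEntry | head -n 1
}

# Succeeds when stores $1 and $2 hold the same certificate under alias $3.
same_cert() {
  a=$(keytool -exportcert -rfc -alias "$3" -keystore "$1" -storepass "$PASS") &&
  b=$(keytool -exportcert -rfc -alias "$3" -keystore "$2" -storepass "$PASS") &&
  [ "$a" = "$b" ]
}

# Builds client/server keystores and cross-populated truststores in a temp dir.
demo() {
  cd "$(mktemp -d)" || return 1
  make_identity client && make_identity server &&
  trust_peer server client && trust_peer client server
}

demo && same_cert client.keystore server.truststore client &&
  echo "server.truststore holds the certificate the client signs with"
```

With CA-issued certificates, the CA certificate goes into the truststore instead, and the signed reply is imported back into the keystore under the key's alias so that the keystore presents the issued certificate rather than the self-signed one.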