The keystore is your identity, so you put your cert in the keystore. The truststore contains all of the certs that you allow to talk to you.
There is a good wiki page that talks about this from an SSL standpoint, but WS-Security is largely the same.
I've a big difficult in jboss ws-security.
If I use another keystore and trustore the exception is "Path does not chain with any of the trust anchors".
The steps I followed to create the trustore and the keystore are:
1. keytool -genkey -v -keyalg RSA -keystore KeyStore.keystore
2. keytool -selfcert -keystore KeyStore.keystore
3. keytool -certreq -file client.crs -keystore KeyStore.keystore
3. openssl ca -in client.crs -out client.pem -keyfile ca.key
4. openssl x509 -in client.pem -out client.cer
5. keytool -import -file client.cer -keystore TrustStore.truststore
Where is my mistake?