Thilo, that would be appreciated by everyone using WSS4J. We never really digged into the topic of certificate management etc.
REgards, Werner > -----Ursprüngliche Nachricht----- > Von: Thilo Frotscher [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 25. August 2005 19:57 > An: fx-dev@ws.apache.org > Betreff: Thanks, guys! > > > Hi everybody, > > I'd like to send many thanks to all developers of WSS4J > and to all other guys contributing to this mailing list > who helped us solving our interop problems with WSE. > > Working together with a very smart .NET expert we > eventually managed to make our sample application work. > > It turned out that WSS4J works GREAT - once you found > out *how* you have to configure both sides to make > interop work. Apart from software or configuration > issues, it turned out that certificates are a > particular reason for severe headaches. Most > tutorials or examples you can find online use > certificates that were somehow provided by somebody. > However, if you want to use your own certificates, > it takes quite a long time to figure out what > criteria these certificates have to meet to work > with both WSE and WSS4J. Two of the most important > prerequisites: use X509v3 certificates (not v1) > that contain a SKI (Subject Key Identifier) and > don't use keytool to create your certificates. > Use openSSL instead. > > Once I find some spare time, I'll write down some > kind of step-by-step tutorial on how to create > interoperable apps with WSS4J and WSE and publish > it. > > Thanks again! > Thilo >