Srikrishna,

I guess you've already done this, but have you created a client side certificate / private key pair using keytool -genkey? As I understood it, we needed to generate an arbitrary public/private key pair for the client as well as importing the server certificate to get this to work. Because the communication is secured in both directions, the SSL layer needs a public key from each end; if you haven't created a client side cert, it won't be able to establish a communication at all with SSL.

It would seem a bit strange for the service provider to be issuing client side certificates, mostly because these are identities to be used by a particular client and as such should be maintained and held by the client rather than being centrally issued. The server then imports your client certificate (I think?) as a trusted cert, or, more usually, uses the information in the certificate chain on the client certificate to implicitly trust it. *NOTE* I am not a Java security expert, so this may be completely wrong; it's just my understanding as gleaned from some experience and a lot of web browsing.

It looks like the CN is fine; we were hitting the error earlier than the stage you reached when we had problems. In our case the problem was caused by the CN being set to 'bioplanet' (or similar) but the hostname being bioplanet.ac.jp or somesuch; IE throws up a warning and Java raises an exception in this case. I don't actually think this is your problem; this is more to put this on the list archive in case anyone else runs into it :)

HTH,

Tom


