> I am using keytool command to generate the certificates, currently i > am using RSA algorithm. > We are planning to change this to AES
You can't do that. (Well, actually, you can, but it means that anyone who can verify the certificate can also generate their own counterfeit that is impossible to detect. You probably need to read some intro material on crypto. /r$ -- SOA Appliances Application Integration Middleware ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]