I have been asked to sign a
soap message using a certificate that includes a private key. I am very new to this so i have a few questions that i hope someone might be able to clarify.
1. I am using Axis2 and Rampart to digitally sign the SOAP message. I am slightly confused as to whether i need to modify the WSDL file of the service i am supposed to connect to.
According to the AXIS2 guide, i have to update the WSDL file with things like policies etc before i generate the code stubs. Does this mean that i have to download the WSDL file of the service i want to connect to and modify it then use the modified version to create the client stubs?
I had a look at the WSDL file and it does not include anything related to digitally signing the request. Do i have to do this myself by modifying the WSDL file?
2. The Axis2 guide explains how to use a certificate that is in a keystore. The certificate that was sent to me was sent in a PKCS12 file. Can i still use this as it is or do i have to extract the certificate/private key from the PKCS12 file and store it in a keystore before i use it with Rampart?
3. Is there a way i can see the actual SOAP messages(other than using TCPMON)?
Any help will be greatly appreciated.