Thank you so much for your posting.
I've skipped step 1 and 2 because I thought client certificate has been provided to us by our webservice provider(WSDL) for testing purpose. So there is no need to generate my own(i'm the client in this case) right?
If i generate my own, then what's the point of 'abctest.cer' certificate provided to me by webservice provider?
I can't change/know anything in the server side because i'm just a client who trying to call provider's webservice's function over HTTPS.
So, if the server insist want 2ways SSL, then in my program, there is no way to ignore/skip SSL authentication process......
Answer to your question:
2. My program (client program) use only plain java
stand alone with axis.jar. I generated java source code from a WSDL file by using wsdltojava tool. and then i created a engine to call webservice function. Binding to wsdl is fine, but when my engine calling one of the function, it start doing ssl handshake process, and resulted the server (webservice provider) give me alert 'bad certificate'. No tomcat.
the link you posted earlier, i had read them all and i gained better knowledge on ceritificate but not with this 'bad certificate' error though.
So what's next shall i do ?