Creating a client keystore and exporting the public key as a certificate

Create a keystore for the client and export the public key as a client certificate that SOAP Gateway can use to verify that the client is trusted.

Client authentication requires server authentication. You must have completed the following steps first:

Create a keystore for SOAP Gateway that contains a private and public key pair and export it as a server certificate
Create a client truststore, and import the SOAP Gateway server certificate.

To create a Java keystore on the client and export the public key:

Create a keystore by using a Key management tool such as Ikeyman or Keytool. In a command console, enter the following command:

keytool -genkey -alias client.keystore -dname 
"CN=SOAP Gateway Client Keystore OU=IBM SWG, O=IBM, C=US" 
-keyalg RSA -keypass password -storepass password 
-keystore "/path/to/cient.keystore.ks"

Export the public key from the client keystore (client.keystore.ks) as a certificate.
```
keytool -export -alias client.keystore -storepass password 
-file "/path/to/client.keystore.cer" 
-keystore "/path/to/client.keystore.ks"
```
Tip: You can have the certificate signed by a Certificate Authority (CA), such as VeriSign, or create your own CA by using software such as OpenSSL to sign your own (self-signed) certificate.