A: Not 100% securely over the internet, but there are a few options
So you have to work with a web service over SSL? In order to get this to work you are going to need a certificate to import into your local key store using the keytool command.
The problem is that communication over the internet can be very easily intercepted, so ideally you would receive the certificate in person from the provider, preferably with the provider's parents and partner there to verify the authenticity of the certificate.
Having said that, if you are not entirely paranoid you can normally rely on a certificate that is signed by a root authority. Your web browser will do a reasonable job of checking this, and just accepting the certificate that the server gives out is likely to be secure enough for most low-key operations. You would probably want to be more paranoid if you are exchanging millions of pounds.
The question then is how to get hold of the certificate in a handy format that can be passed to keytool. The first and easiest way is to ask your web browser, although sadly this trick only works for IE7. Connect to the endpoint you are going to work with, or just request the WSDL over SSL. Then click on the padlock icon in the URL status bar and view the certificate. Go to the "Details" page and voila, there is a "Copy To File..." button which invokes a wizard to generate a .CER file that keytool will understand.
So how do you do the same trick from Java? Well, it is easy enough to get a list of server-side certificates using Java and write the first one directly into the key store:
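    import java.io.*;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import javax.net.ssl.HttpsURLConnection;

    public class ImportServerCert {
        public static void main(String[] args) throws Exception {
            assert args.length == 3 : "Should have three parameters keystore, password, site";
            File keystoreFile = new File(args[0]);
            char[] password = args[1].toCharArray();
            URL url = new URL(args[2]);
            // Load the keystore
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new BufferedInputStream(new FileInputStream(keystoreFile))) {
                keyStore.load(in, password);
            }
            // Create a connection; connect() runs the handshake against the JVM's default trust store
            HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
            con.connect();
            Certificate[] certs = con.getServerCertificates();
            // Get the first certificate (the server's own) and add it; using the host name as alias is an assumption
            Certificate firstCert = certs[0];
            keyStore.setCertificateEntry(url.getHost(), firstCert);
            // Store the keystore
            try (OutputStream out = new BufferedOutputStream(new FileOutputStream(keystoreFile))) {
                keyStore.store(out, password);
            }
        }
    }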
Again, this way of getting a certificate is not 100% secure, but it might well do for a bit of development. It is also probably the only choice when dealing with entities such as Google or Amazon.
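One way to tighten either route, as an added example rather than code from the original post: check the SHA-256 fingerprint of the exported .CER file against a value the provider gave you out of band (in person, by phone or on paper) and import only on a match. The class name PinnedImport and its five command-line arguments are assumptions of this example.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class PinnedImport {
    // SHA-256 over the certificate's DER encoding, as lowercase hex without separators.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Accept "AB:CD:..." or "abcd..." so a value read out or printed can be typed as given.
    static String normalise(String fp) {
        return fp.replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: PinnedImport keystore password alias cert.cer expected-sha256");
            System.exit(2);
        }
        File keystoreFile = new File(args[0]);
        char[] password = args[1].toCharArray();
        Certificate cert;
        try (InputStream in = new FileInputStream(args[3])) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String actual = fingerprint(cert);
        // Refuse the import unless the file matches the fingerprint obtained out of band.
        if (!actual.equals(normalise(args[4]))) {
            System.err.println("Fingerprint mismatch, not importing. Got " + actual);
            System.exit(1);
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Loading from a null stream creates an empty keystore when the file does not exist yet.
        try (InputStream in = keystoreFile.exists() ? new FileInputStream(keystoreFile) : null) {
            keyStore.load(in, password);
        }
        keyStore.setCertificateEntry(args[2], cert);
        try (OutputStream out = new FileOutputStream(keystoreFile)) {
            keyStore.store(out, password);
        }
        System.out.println("Imported " + args[2] + " with SHA-256 " + actual);
    }
}
```

The check is only as strong as the channel the expected fingerprint arrived on; a value copied from the same connection that delivered the certificate proves nothing.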
For more fun and games with HTTPS check out Tug's Blog on the topic of configuring HTTPS in oc4j and on the client side.