I'll add my own two cents to this (I was going to do a new post but found this one). The only way that I can get WS-Security encryption to work is if I place the private key into the keystore in both the client and the server. If either one has a public key, it complains with the error: org.jboss.ws.extensions.security.WSSecurityException: Problems retrieving private key: Private key (XXX) not in keystore This appears to be a major flaw if both the client and the server have to have the private key available, I would think that the public key would be sufficient for one side. I cannot imagine a company that provides a Web service willingly giving out the private key for that Web service. Or a second company that wants to use said web service providing its private key to the first company. Any thoughts on this or am I just doing it wrong. (I will post the config files on request, but they are pretty much what appears at http://jbws.dyndns.org/mediawiki/index.php/JAX-WS_User_Guide#WS-Security, though substitute 'encrypt' for 'sign'. I think I tried 'sign' also and it had the same problem.) I am using JBossWS 1.2.0.GA View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4032593#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...