So, does we have to create certificates using keytool when we want to implement ws-security also? And how we implement(store) and where those certificates and keys?
Yes, keytool is the tool to use to manage those certificates. This page may be useful for reference. This page also has useful instructions how to deal with certificates.
Here is a description how to use certificates with Axis 2. Other WS engines would use comparable mechanisms; consult their documentation.
Happily living in the valley of the dried frogs with a few tiny ads.
a bit of art, as a gift, the permaculture playing cards