Hi Ludo,
With Option one you can set a certificate in java action, which is not necessary you have to call a web service from Java it self.
You can follow the steps to call the
1) You can send a SOAP Request xml, Certificate and password to Java to Sign this request.
2) Read all the Signed request headers vulues and populate Return Object
3) You can sign only body of request so that even if you change headers from mendix it should work or you can used complete Signed xml request(Return XML as string from JAVA)
DOMSignContext dsc = new DOMSignContext(this.getGetPrivateKey(), node);
// Create the XMLSignature, but don't sign it yet.
XMLSignature signature = xmlSigFactory.newXMLSignature(SignedInfo, null);
Core.getLogger("SignXML").info("Signing Document :");
DOMSignContext dsc = new DOMSignContext(this.getGetPrivateKey(), node);
// Create the XMLSignature, but don't sign it yet.
XMLSignature signature = xmlSigFactory.newXMLSignature(si, null);
Core.getLogger("SignXML").info("Signing Document :");
4) Now from mendix you can call the service with certificate which you used to sign(In Java).
Hope this will help for you.
Regards
Sagar