Posted to fx-dev@ws.apache.org by Guy Rixon <gt...@ast.cam.ac.uk> on 2005/08/04 18:40:56 UTC

Certificate chain not read from keystore

I have a problem with my PKCS12 keystore. When Merlin loads this store it finds
the alias for my credentials but java.security.KeyStore insists that the entry
for that alias is a "key entry" and has no certificate chain.  Using other
tools, I can show that the alias does have a valid certificate chain.  It
seems that the Java keystore class is either buggy or has strict and
undocumented rules about how PKCS#12 format can be used. Can anybody advise?

This relates to the "unexpected number of X.509 data" error reported
yesterday.

Thanks,
Guy

Guy Rixon 				        gtr@ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523

Re: Certificate chain not read from keystore

Posted by Guy Rixon <gt...@ast.cam.ac.uk>.
Following up on my last post, I find that java.security.KeyStore will not read
my certificate chain from a PKCS#12 store when called from a test programme.
This problem is nothing to do with Merlin or WSS4J but may hinder other users
of WSS4J so may need to be documented in the WSS4J pages.

If I convert my keystore to type JKS, by exporting the certificate chain and
private key from the PKCS#12 store and reimporting, then
java.security.KeyStore can read the certificate chain. With this store,
WSDoAllSender runs successfully and signs the SOAP messages.

On Thu, 4 Aug 2005, Guy Rixon wrote:

> I have a problem with my PKCS12 keystore. When Merlin loads this store it finds
> the alias for my credentials but java.security.KeyStore insists that the entry
> for that alias is a "key entry" and has no certificate chain.  Using other
> tools, I can show that the alias does have a valid certificate chain.  It
> seems that the Java keystore class is either buggy or has strict and
> undocumented rules about how PKCS#12 format can be used. Can anybody advise?
>
> This relates to the "unexpected number of X.509 data" error reported
> yesterday.
>
> Thanks,
> Guy
>
> Guy Rixon 				        gtr@ast.cam.ac.uk
> Institute of Astronomy   	                Tel: +44-1223-337542
> Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523
>

Guy Rixon 				        gtr@ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523
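
A diagnostic in the spirit of the test programme mentioned in this thread, added here as an example and not the poster's own code: it loads a store through java.security.KeyStore and reports, for each alias, whether a key entry exposes a certificate chain. The class name ChainCheck and its two command-line arguments are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example. Usage (assumed): java ChainCheck <keystore-file> <PKCS12|JKS>
public class ChainCheck {

    // Returns the number of key entries for which KeyStore exposes no certificate chain.
    static int check(KeyStore ks) throws Exception {
        int missing = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry (no key)");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                // The symptom described in the thread: a "key entry" with no chain.
                System.out.println(alias + ": key entry, NO certificate chain visible");
                missing++;
                continue;
            }
            System.out.println(alias + ": key entry, chain length " + chain.length);
            for (int i = 0; i < chain.length; i++) {
                if (chain[i] instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) chain[i];
                    System.out.println("  [" + i + "] subject=" + x.getSubjectX500Principal().getName());
                    System.out.println("      issuer =" + x.getIssuerX500Principal().getName());
                }
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 2 || con == null) {
            System.err.println("usage: ChainCheck <keystore-file> <PKCS12|JKS> (run from a terminal)");
            System.exit(2);
        }
        char[] password = con.readPassword("Store password: "); // prompted, not passed in argv
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        System.exit(check(ks) == 0 ? 0 : 1); // non-zero exit if any key entry lacks a chain
    }
}
```

Running it once against the PKCS#12 file and once against the converted JKS file shows whether the chain is visible to java.security.KeyStore in each format.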