Re: Certificat problem.

[Werner Dittmann <We...@t-online.de>]

Jerome,

keytool cannot generate certificates that adhere to X.509 V3.
Only this version can support SKI. As a solution pls change
the keyidentifier in the WSDD to either Direct or issuername
issuer serial (refer to javadoc os WSHandlerConstants). In both
cases this extension is not needed.

If you are going to wirk with .Net WSE pls have a look in the
archives of the mail list - this topic was discussed some days
(2 weeks or so) ago.

Regards,
Werner

Jérôme PICARD wrote:
> Hello,
> 
> I want to use "UsernameToken Encrypt" to secure my webservice.
> 
> When I use the "interop2.jks" keystore and the user "bob" all works. But
> if I create my own keystore and a certificat, I catch an exception.
> 
> To create the certificat, I use "keytool".
> 
> // Create "ged" certificat in the "serveur" keystore.
> keytool -genkey -alias ged -keyalg RSA -keypass password -storepass
> serveur -keystore serveur.jks
> 
> // Export the public key to a file "gercertificat.cer".
> keytool -export -keystore serveur.jks -alias ged -storepass serveur
> -file gedcertificat.cer
> 
> // Import public key to the client keystore. Client of the WebService.
> keytool -import -alias ged -file gedcertificat.cer -keystore client.jks
> -storepass client
> 
> Do you have some idea about my problem ?
> 
> Thanks,
> 
> _This is the exception :_
> 
> AxisFault
> faultCode:
> {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
> faultSubcode:
> faultString: WSDoAllSender: Encryption: error during message
> processingorg.apache.ws.security.WSSecurityException: An unsupported
> token was provided (Problem with SKI information: Wrong certificate
> version (<3))
> faultActor:
> faultNode:
> faultDetail:
>    {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Encryption:
> error during message
> processingorg.apache.ws.security.WSSecurityException: An unsupported
> token was provided (Problem with SKI information: Wrong certificate
> version (<3))
>    at
> org.apache.ws.axis.security.WSDoAllSender.performENCRAction(WSDoAllSender.java:455)
> 
>    at
> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:316)
>    at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> 
>    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>    at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>    at org.apache.axis.client.Call.invoke(Call.java:2748)
>    at org.apache.axis.client.Call.invoke(Call.java:2424)
>    at org.apache.axis.client.Call.invoke(Call.java:2347)
>    at org.apache.axis.client.Call.invoke(Call.java:1804)
>    at
> localhost.ServeurWebService.services.WSGed.WSGedSoapBindingStub.putDocument(WSGedSoapBindingStub.java:106)
> 
>    at TestWebService.main(TestWebService.java:54)
> 
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org