Posted to fx-dev@ws.apache.org by Andrew Kinard <ak...@cisco.com> on 2005/08/05 01:15:42 UTC
Problems with wss4j/keys directory keystore scripts
Hello all,
I am having trouble creating my own keystore certs. I have attempted
to use the genKeystore.sh, genCertRequest.sh, and
signConvertImportCert.sh scripts, but I have yet to create a cert
that works. I started out using x509.PFX.MSFT and then changed my
client and server wsdd files and crypto.properties files
accordingly. When I attempt to use my own keystore created with the
keys *.sh scripts I get the following debug messages.
I think the "No alias found for subject from issuer..." is the one
that concerns me.
Has anyone seen this behavior before? Are there scripts available
for creating a suitable pkcs12 using only openssl and not keytool?
Regards,
Andrew Kinard
AK;-)
---------
18:59:04,424 DEBUG [WSDoAllReceiver] WSDoAllReceiver: Transmitted
certificate has subject CN=CommitArchCert
18:59:04,426 DEBUG [WSDoAllReceiver] WSDoAllReceiver: Transmitted
certificate has issuer CN=CommitArch_CA (serial 18)
18:59:04,432 DEBUG [WSDoAllReceiver] No alias found for subject from
issuer with CN=CommitArch_CA (serial 18)
18:59:04,436 DEBUG [WSDoAllReceiver] No aliases found in keystore for
issuer CN=CommitArch_CA of certificate for CN=CommitArchCert
----------
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}
Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the signature
is not trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSDoAllReceiver: The
certificate used for the signature is not trusted
at org.apache.ws.axis.security.WSDoAllReceiver.invoke
(WSDoAllReceiver.java:297)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke
(SOAPService.java:453)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:
281)
at org.apache.axis.transport.http.AxisServlet.doPost
(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.axis.transport.http.AxisServletBase.service
(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:173)
...
---------
Re: Problems with wss4j/keys directory keystore scripts
Posted by Werner Dittmann <We...@t-online.de>.
Andrew,
these scripts are _not_ tested, nor are they part of the WSS4J library
software.
They are just examples of how you may create certificates et al. To
create certificates you may have to look into the OpenSSL docs,
Java keystore descriptions etc. first.
Regards,
Werner
PS: to me it seems that the CA certificate was not imported into
the keystore using the "trusted certificate import" mechanism.
Werner
Andrew Kinard wrote:
> Hello all,
>
> I am having trouble creating my own keystore certs. I have attempted
> to use the genKeystore.sh, genCertRequest.sh, and
> signConvertImportCert.sh scripts, but I have yet to create a cert that
> works. I started out using x509.PFX.MSFT and then changed my client
> and server wsdd files and crypto.properties files accordingly. When I
> attempt to use my own keystore created with the keys *.sh scripts I get
> the following debug messages.
> I think the "No alias found for subject from issuer..." is the one that
> concerns me.
>
> Has anyone seen this behavior before? Are there scripts available for
> creating a suitable pkcs12 using only openssl and not keytool?
>
> Regards,
> Andrew Kinard
> AK;-)
>
>
> ---------
> 18:59:04,424 DEBUG [WSDoAllReceiver] WSDoAllReceiver: Transmitted
> certificate has subject CN=CommitArchCert
> 18:59:04,426 DEBUG [WSDoAllReceiver] WSDoAllReceiver: Transmitted
> certificate has issuer CN=CommitArch_CA (serial 18)
> 18:59:04,432 DEBUG [WSDoAllReceiver] No alias found for subject from
> issuer with CN=CommitArch_CA (serial 18)
> 18:59:04,436 DEBUG [WSDoAllReceiver] No aliases found in keystore for
> issuer CN=CommitArch_CA of certificate for CN=CommitArchCert
> ----------
>
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}
> Server.generalException
> faultSubcode:
> faultString: WSDoAllReceiver: The certificate used for the signature is
> not trusted
> faultActor:
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:WSDoAllReceiver: The
> certificate used for the signature is not trusted
> at org.apache.ws.axis.security.WSDoAllReceiver.invoke
> (WSDoAllReceiver.java:297)
> at org.apache.axis.strategies.InvocationStrategy.visit
> (InvocationStrategy.java:32)
> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> at org.apache.axis.strategies.InvocationStrategy.visit
> (InvocationStrategy.java:32)
> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> at org.apache.axis.handlers.soap.SOAPService.invoke
> (SOAPService.java:453)
> at org.apache.axis.server.AxisServer.invoke(AxisServer.java: 281)
> at org.apache.axis.transport.http.AxisServlet.doPost
> (AxisServlet.java:699)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at org.apache.axis.transport.http.AxisServletBase.service
> (AxisServletBase.java:327)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
> (ApplicationFilterChain.java:252)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter
> (ApplicationFilterChain.java:173)
> ...
> ---------
>
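The diagnosis in the reply above (the CA certificate is missing from the keystore as a trusted certificate entry) can be checked directly with the standard java.security API. The following is an added example, not part of the original thread and not WSS4J code; the class name TrustCheck, the JKS keystore type and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical helper, not WSS4J code).
// Usage: java TrustCheck <keystore.jks> <storepass> <signer-cert.pem|.der>
public class TrustCheck {

    // Returns the alias of a trusted certificate entry whose subject equals the
    // signer's issuer and whose public key verifies the signer's signature,
    // or null when the keystore holds no such entry.
    static String findTrustedIssuer(KeyStore ks, X509Certificate signer) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                continue; // this check only considers trustedCertEntry aliases
            }
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) c;
            if (!ca.getSubjectX500Principal().equals(signer.getIssuerX500Principal())) continue;
            try {
                signer.verify(ca.getPublicKey()); // a matching name alone is not enough
                return alias;
            } catch (GeneralSecurityException e) {
                // same subject DN but a different key: keep looking
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS keystore
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate signer;
        try (InputStream in = new FileInputStream(args[2])) {
            signer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("signer subject: " + signer.getSubjectX500Principal());
        System.out.println("signer issuer:  " + signer.getIssuerX500Principal());
        String alias = findTrustedIssuer(ks, signer);
        System.out.println(alias != null
            ? "issuer is trusted under alias: " + alias
            : "issuer is not present as a trusted certificate entry");
    }
}
```

Run it against the receiving side's keystore with the certificate that signs the message; a null result corresponds to the "No aliases found in keystore for issuer" debug line.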