Posted to fx-dev@ws.apache.org by Guy Rixon <gt...@ast.cam.ac.uk> on 2005/08/09 13:24:38 UTC
Signature-verification problem in WSS4J
Hi,
I have a problem with WSS4J 1.0.0. I'm trying to use WSDoAllReceiver to sign a
message and WSDoAllSender to verify the signature. It works if I give the
server a keystore that contains the sender's entire certificate chain. It fails
if I give the server a keystore containing just the certificate for the
sender's CA.
Looking in WSSecurityEngine, and turning on the debug log, it
seems that the WSS4J library-code is trying to get the CA certificate by first
finding the user's personal certificate (by serial number) _in the server's
keystore_. It's calling
getAliasForX509Cert(String issuer, BigInteger serialNumber, true)
on Merlin. This can't work when the server only has the CA certificate.
Maybe I've got it wrongly configured (again). Is there some setting I need to
make s.t. the server trusts all certificates from a given CA?
Cheers,
Guy
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
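
The two checks contrasted in the message above, as an added example that is not part of the original post and is not WSS4J code: it uses only JDK classes to compare an issuer-and-serial lookup in a keystore with PKIX validation against the keystore's trusted CA entries. The class name, method names and the three command-line arguments (JKS keystore path, keystore password, sender certificate file) are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;

public class TrustCheckDemo {  // hypothetical name, illustration only
    // Lookup of the kind the post describes: succeeds only when the sender's
    // own certificate is stored in the keystore. Returns null otherwise.
    static String aliasForIssuerSerial(KeyStore ks, X500Principal issuer,
                                       BigInteger serial) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                if (x.getIssuerX500Principal().equals(issuer)
                        && x.getSerialNumber().equals(serial)) return alias;
            }
        }
        return null;
    }
    // CA-based decision: trusted-certificate entries of the keystore act as
    // anchors. Covers a sender certificate issued directly by an anchor.
    static boolean chainsToTrustedCa(KeyStore ks, X509Certificate sender) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(sender));
        PKIXParameters params = new PKIXParameters(ks);
        params.setRevocationEnabled(false);  // assumption: no CRL/OCSP in this demo
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException ex) {
            return false;  // bad signature, expired, or issuer is not an anchor
        }
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        X509Certificate sender;
        try (InputStream in = new FileInputStream(args[2])) {
            sender = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("alias by issuer/serial: " + aliasForIssuerSerial(
                ks, sender.getIssuerX500Principal(), sender.getSerialNumber()));
        System.out.println("chains to trusted CA:   " + chainsToTrustedCa(ks, sender));
    }
}
```

With a keystore that holds only the CA certificate, the first line prints null while the second prints true for a certificate that CA issued.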