Posted to fx-dev@ws.apache.org by Guy Rixon <gt...@ast.cam.ac.uk> on 2005/08/09 13:24:38 UTC

Signature-verification problem in WSS4J

Hi,

I have a problem with WSS4J 1.0.0. I'm trying to use WSDoAllReceiver to sign a
message and WSDoAllSender to verify the signature. It works if I give the
server a keystore that contains the sender's entire certificate chain. It fails
if I give the server a keystore containing just the certificate for the
sender's CA.

Looking in WSSecurityEngine, and turning on the debug log, it
seems that the WSS4J library-code is trying to get the CA certificate by first
finding the user's personal certificate (by serial number) _in the server's
keystore_. It's calling

  getAliasForX509Cert(String issuer, BigInteger serialNumber, true)

on Merlin. This can't work when the server only has the CA certificate.

Maybe I've got it wrongly configured (again). Is there some setting I need to
make s.t. the server trusts all certificates from a given CA?

Cheers,
Guy

Guy Rixon 				        gtr@ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523