You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Richard DeGrande <RD...@co.jefferson.co.us> on 2007/07/05 21:31:12 UTC

Unexpected number of X509Data: for encryption

Hi,

I keep getting the above error when making a request.  This started after I added 

<parameter name=''encryptionUser" value="useReqSigCert" >

My key contains one alias that is has a chain length of 2 (the private key and certificate)...

Keystore type: jks
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: webservice
Creation date: Jun 27, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=webservice, OU=Weblogic, O=some company, L=Golden, ST=Colorado, C=US
Issuer: EMAILADDRESS=test@unixmail.com.somecompany, CN=somecompany, O=webservice, L=Golden, ST=Colorado, C=US
Serial number: 26
Valid from: Wed Jun 27 10:45:06 MDT 2007 until: Sat Jun 24 10:45:06 MDT 2017
Certificate fingerprints:
         MD5:  DF:15:17:4C:B1:93:B6:83:A1:3B:60:83:2D:B8:36:8B
         SHA1: 48:9E:5E:97:23:8C:1D:A4:95:97:8E:73:0A:C7:84:00:18:25:17:BD
Certificate[2]:
Owner: EMAILADDRESS=test@unixmail.com.somecompany, CN=somecompany, O=webservice, L=Golden, ST=Colorado, C=US
Issuer: EMAILADDRESS=test@unixmail.com.somecompany, CN=somecompany, O=webservice, L=Golden, ST=Colorado, C=US
Serial number: 0
Valid from: Tue Mar 01 11:15:08 MST 2005 until: Fri Feb 27 11:15:08 MST 2015
Certificate fingerprints:
         MD5:  37:60:62:2D:6B:E8:FA:71:D9:F6:DA:9B:B4:2E:B0:C5
         SHA1: 43:AD:25:98:1F:42:71:B8:54:15:48:04:06:59:28:E7:90:6F:51:07


What is the cause of this error ?

thanks in advance
 


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org

RE: Unexpected number of X509Data: for encryption

Posted by Jorge Fernandez <in...@yahoo.es>.

Hi Richard,

As far as I know, that with the line on the services.xml 
<parameter name=''encryptionUser" value="useReqSigCert" >

you are telling the service that for encrypting the message it has to
use the key or the reference that the client sent on the message.

If in the client you don't define the signatureKeyIdentifier or you have

<signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>

or 

<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>

You need to have the client's public key in the services keystore because
with these definitions, the client sends a reference to the public key and 
not the key itself.


If, instead you put in the client the line:

<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>

the client will send the key and you don't have to import it at the service
keystore.

The default option is IssuerSerial.

Hope this will help you

Regards,

Jorge Fernández



Richard DeGrande <RD...@co.jefferson.co.us> escribió: Hi,

I keep getting the above error when making a request.  This started after I added 




My key contains one alias that is has a chain length of 2 (the private key and certificate)...

Keystore type: jks
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: webservice
Creation date: Jun 27, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=webservice, OU=Weblogic, O=some company, L=Golden, ST=Colorado, C=US
Issuer: EMAILADDRESS=test@unixmail.com.somecompany, CN=somecompany, O=webservice, L=Golden, ST=Colorado, C=US
Serial number: 26
Valid from: Wed Jun 27 10:45:06 MDT 2007 until: Sat Jun 24 10:45:06 MDT 2017
Certificate fingerprints:
         MD5:  DF:15:17:4C:B1:93:B6:83:A1:3B:60:83:2D:B8:36:8B
         SHA1: 48:9E:5E:97:23:8C:1D:A4:95:97:8E:73:0A:C7:84:00:18:25:17:BD
Certificate[2]:
Owner: EMAILADDRESS=test@unixmail.com.somecompany, CN=somecompany, O=webservice, L=Golden, ST=Colorado, C=US
Issuer: EMAILADDRESS=test@unixmail.com.somecompany, CN=somecompany, O=webservice, L=Golden, ST=Colorado, C=US
Serial number: 0
Valid from: Tue Mar 01 11:15:08 MST 2005 until: Fri Feb 27 11:15:08 MST 2015
Certificate fingerprints:
         MD5:  37:60:62:2D:6B:E8:FA:71:D9:F6:DA:9B:B4:2E:B0:C5
         SHA1: 43:AD:25:98:1F:42:71:B8:54:15:48:04:06:59:28:E7:90:6F:51:07


What is the cause of this error ?

thanks in advance
 


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org




       
---------------------------------

Sé un Mejor Amante del Cine
¿Quieres saber cómo? ¡Deja que otras personas te ayuden!.