signature verification failing

Mon, 06 Oct 2008 15:22:02 -0700 

Hi,

 

I am using axis2_http_server distributed with axis2c release as the
server. Both web services client and http_server are running on same
Linux server. Both client and server have separate AXIS2C_HOME
locations. I am trying to test the signature verification feature.

 

Client's policy.xml settings

 

Signature related settings are as below;

            <rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy";>

 
<rampc:ReceiverCertificate>/usr/local/CA/svccert.pem</rampc:ReceiverCert
ificate>

 
<rampc:Certificate>/usr/local/CA/clientcert.pem</rampc:Certificate>

 
<rampc:PrivateKey>/usr/local/CA/clientkey.pem</rampc:PrivateKey>

            </rampc:RampartConfig

 

Service.xml for the service

 

Signature related settings at the service are as below;

 

                <rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy";>

 
<rampc:Certificate>/usr/local/CA/svccert.pem</rampc:Certificate>

 
<rampc:PrivateKey>/usr/local/CA/svckey.pem</rampc:PrivateKey>

                </rampc:RampartConfig>

 

Certificate Generation

 

I used following steps to generate a pair of certificates clientcert.pem
and clientcert.key for the web services client and svccert.pem and
svccert.key for the service. I used CA.pl distributed with opnssl
package for generation of the certificate

1.      Create the directory for CA and copy CA.pl and openssl.cnf files
2.      Create a certificate authority -- sudo ./CA.pl -newca  
3.      create new key file using sudo openssl req -x509 -nodes -days
365 -newkey rsa:1024 -keyout newkey.pem -out newreq.pem
4.      create a certificate request file using sudo openssl req -new
-key newkey.pem -out newreq.pem
5.      sign the certificate using sudo ./CA.pl -sign
6.      I repeated steps 2 through 5 to generate clientcert.pem and
svccert.pem

 

Separately, I also tried using CA.pl options CA.pl sudo ./CA.pl -newreq
and sudo ./CA.pl -sign to generate certificates for testing.

 

On both attempts as well as on other tests, I am getting OXS ERROR
[xml_signature.c:687 in oxs_xml_sig_verify_sign_part] Signature
verification failed, Digest verification failed for node Id=
#SigID-c878c702-93e6-1dd1 error.

 

Could you tell me what I am doing incorrectly? I appreciate your help in
resolving this issue.

 

Regards,

Raghu Udupa

Reply via email to