Hi Raghu,
Can you attach the following to investigate the issue?
(1) Request
(2) Reply
(3) Client Log file
(4) Server Log file
(5) Client policy file
(6) Server policy file
Regards,
Shankar
Raghu Udupa wrote:
Hi,
I am using axis2_http_server distributed with axis2c release as the
server. Both web services client and http_server are running on same
Linux server. Both client and server have separate AXIS2C_HOME
locations. I am trying to test the signature verification feature.
*Client’s policy.xml settings*
* *
Signature related settings are as below;
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy";>
<rampc:ReceiverCertificate>/usr/local/CA/svccert.pem</rampc:ReceiverCertificate>
<rampc:Certificate>/usr/local/CA/clientcert.pem</rampc:Certificate>
<rampc:PrivateKey>/usr/local/CA/clientkey.pem</rampc:PrivateKey>
</rampc:RampartConfig
*Service.xml for the service*
* *
Signature related settings at the service are as below;
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy";>
<rampc:Certificate>/usr/local/CA/svccert.pem</rampc:Certificate>
<rampc:PrivateKey>/usr/local/CA/svckey.pem</rampc:PrivateKey>
</rampc:RampartConfig>
*Certificate Generation*
* *
I used following steps to generate a pair of certificates
clientcert.pem and clientcert.key for the web services client and
svccert.pem and svccert.key for the service. I used CA.pl distributed
with opnssl package for generation of the certificate
1. Create the directory for CA and copy CA.pl and openssl.cnf files
2. Create a certificate authority -- *sudo ./CA.pl –newca*
3. create new key file using sudo *openssl req -x509 -nodes -days
365 -newkey rsa:1024 -keyout newkey.pem -out newreq.pem*
4. create a certificate request file using sudo *openssl req -new
-key newkey.pem -out newreq.pem*
5. sign the certificate using *sudo ./CA.pl –sign*
6. I repeated steps 2 through 5 to generate clientcert.pem and
svccert.pem
Separately, I also tried using CA.pl options CA.pl *sudo ./CA.pl
–newreq *and *sudo ./CA.pl –sign *to generate certificates for testing.
On both attempts as well as on other tests, I am getting *OXS ERROR
[xml_signature.c:687 in oxs_xml_sig_verify_sign_part] Signature
verification failed, Digest verification failed for node Id=
#SigID-c878c702-93e6-1dd1 *error.
Could you tell me what I am doing incorrectly? I appreciate your help
in resolving this issue.
Regards,
Raghu Udupa
--
S.Uthaiyashankar
Software Architect
WSO2 Inc.
http://wso2.com/ - "The Open Source SOA Company"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
