I have a service that I've created with axis/wss4j, and the certificates are created with openssl (I've attached the certificate to this mail). I've tested the service with an axis/wss4j client without any problems, but when I tried calling from .NET/WSE2 I ran into problems.

From .NET/WSE2 I can only generate a request that has a "SecurityTokenReference" with a "KeyIdentifier" child element for the "Subject Key Identifier" (SKI), like in the spec [1]. But the server side runs into problems with an exception, and then I tried to run an axis/wss4j client with SKI and didn't even get to send the request due to the same reason. I've looked around and found that my certificate doesn't contain a SKI, so in a way it's fair that wss4j gives an exception, but then I wonder how .NET/WSE2 does create a request with it.

From the RFC [2] it does seem like I should go back and create a new set of certificates:

<quote section="4.2.1.2 Subject Key Identifier"> To assist applications in identifying the appropriate end entity certificate, this extension SHOULD be included in all end entity certificates. </quote>

Has anyone dealt with the same problems, do you think my certificates are to blame, and lastly, how can .NET/WSE2 do it?

Thanks for any advice.

Regards
Brian

[1] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
[2] http://www.faqs.org/rfcs/rfc3280.html
cpr.der
Description: application/x509-ca-cert
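One way to check a DER-encoded certificate for the SubjectKeyIdentifier extension (OID 2.5.29.14) discussed in the message above; this is an added example, not part of the original mail and not code from wss4j or WSE2. The `sample_cert` skeletons and `KEY_ID` are constructed test inputs, not real certificates.

```python
SKI_OID = bytes.fromhex("551d0e")  # DER content bytes of OID 2.5.29.14

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def find_ski(cert_der):
    """Return the KeyIdentifier bytes, or None if there is no SKI extension."""
    tbs = children(read_tlv(cert_der, 0)[1])[0][1]    # Certificate -> tbsCertificate
    for tag, val in children(tbs):
        if tag != 0xA3:                               # [3] EXPLICIT Extensions
            continue
        for _, ext in children(children(val)[0][1]):  # each Extension SEQUENCE
            fields = children(ext)                    # extnID, [critical], extnValue
            if fields[0][1] == SKI_OID:
                return children(fields[-1][1])[0][1]  # OCTET STRING inside extnValue
    return None

def tlv(tag, *parts):
    """Encode one short-form DER element (helper for the constructed samples)."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(*extensions):
    """Constructed skeleton (version, serial, extensions only), not a valid certificate."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"),
              tlv(0xA3, tlv(0x30, *extensions)))
    return tlv(0x30, tbs)

KEY_ID = bytes.fromhex("0badc0de")  # constructed key identifier value
SKI_EXT = tlv(0x30, tlv(0x06, SKI_OID), tlv(0x04, tlv(0x04, KEY_ID)))
BC_EXT = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")), tlv(0x04, tlv(0x30)))  # basicConstraints

if __name__ == "__main__":
    for name, der in [("with SKI", sample_cert(BC_EXT, SKI_EXT)), ("without SKI", sample_cert(BC_EXT))]:
        ski = find_ski(der)
        print(name, "->", ski.hex() if ski else "no SubjectKeyIdentifier extension")
```

To check the attached certificate, pass the file's bytes: `find_ski(open("cpr.der", "rb").read())`.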
