Hi,

When I use a keystore (JKS) to sign my messages, I don't have any problem.
When I switch to PKCS12, here is the stack trace I get on the service side:

org.apache.ws.security.handler.WSHandler (verifyTrust()) - WSHandler:
Transmitted certificate has subject CN=zenithopcvm, OU=Certification
Authority, O=Federal Service, L=Le Relecq-Kerhuon, ST=FR-29, C=FR
org.apache.ws.security.handler.WSHandler (verifyTrust()) - WSHandler:
Transmitted certificate has issuer [EMAIL PROTECTED], CN=Federal
Service CA, OU=Certification Authority, O=Federal Service, L=Le
Relecq-Kerhuon, ST=FR-29, C=FR (serial 60)
org.apache.ws.security.handler.WSHandler (verifyTrust()) - No alias found
for subject from issuer with [EMAIL PROTECTED], CN=Federal
Service CA, OU=Certification Authority, O=Federal Service, L=Le
Relecq-Kerhuon, ST=FR-29, C=FR (serial 60)
org.apache.ws.security.handler.WSHandler (verifyTrust()) - No aliases found
in keystore for issuer [EMAIL PROTECTED], CN=Federal Service CA,
OU=Certification Authority, O=Federal Service, L=Le Relecq-Kerhuon,
ST=FR-29, C=FR of certificate for CN=zenithopcvm, OU=Certification
Authority, O=Federal Service, L=Le Relecq-Kerhuon, ST=FR-29, C=FR
org.codehaus.xfire.security.wss4j.WSS4JInHandler (invoke()) | user: -
WSS4JInHandler: The certificate used for the signature is not trusted
org.codehaus.xfire.handler.DefaultFaultHandler (invoke()) | user: - Fault
occurred!
org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: The certificate used
for the signature is not trusted
        at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:197)
        at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
        at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
        at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
        at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:301)
        at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
        at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

After looking at the WSS4J sources, it seems that WSS4J doesn't find the issuer's
certificate. Here is the command line I use to generate the pkcs12 file:

    openssl pkcs12 -export -in name-cert.pem -inkey private/name-key.pem \
        -certfile cacert.pem -name "[friendly name]" -out name-cert.p12
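A diagnostic for the situation described in the message above, added here as an example (not code from the original post, XFire or WSS4J): it lists every keystore entry with its type and chain length, then reports whether the issuer of each entry's certificate has an alias of its own, which is the lookup the "No aliases found in keystore for issuer" log lines describe. The class name `IssuerAliasCheck`, the helper `aliasForSubject` and the command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Hypothetical diagnostic, not WSS4J code.
// Usage: java IssuerAliasCheck <keystore-file> <JKS|PKCS12> <password>
public class IssuerAliasCheck {

    // Alias whose own (first) certificate has the given subject, or null.
    static String aliasForSubject(KeyStore ks, X500Principal subject) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate
                    && ((X509Certificate) c).getSubjectX500Principal().equals(subject)) {
                return alias;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: IssuerAliasCheck <file> <JKS|PKCS12> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            // getCertificateChain() returns null for trusted certificate entries.
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.printf("%s: %s, chain length %d%n", alias,
                    ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry",
                    chain == null ? 0 : chain.length);
            Certificate own = ks.getCertificate(alias);
            if (!(own instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) own;
            X500Principal issuer = cert.getIssuerX500Principal();
            if (issuer.equals(cert.getSubjectX500Principal())) continue; // self-signed
            String issuerAlias = aliasForSubject(ks, issuer);
            System.out.println("  issuer " + issuer.getName() + " -> "
                    + (issuerAlias != null ? "alias " + issuerAlias
                       : "no alias of its own in this keystore"));
        }
    }
}
```

Running it against the JKS keystore and then against the PKCS12 file shows whether the CA certificate is present as a separate trusted certificate entry in one but only inside the key entry's chain in the other.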