Hello again Glen I have control over the web service provider. I am running on a Tomcat server on a local machine.
I tried to reload the keys again thinking I made an error last time (I only used one client and one server key this time, just to be sure), but I am still getting the exact same error. Lastly, you are saying that you put the entire example somewhere on your blog, but I can't seem to find it. I might just be blind, but I have looked over the blog entry a couple of times not but I just can't find it. Can you tell me where it is? >Do you have control over the web service provider, or it's external and >you're only building a client? >I provided the source code in that blog entry, you might wish to >download and at least confirm *that* works, then it's an issue of trying >to extrapolate why my client's OK but yours is having problems (of >course, the fact that you're using a different web service provider that >might have some peculiar requirements is probably going to be the source >of the problem.) Using Wireshark >(http://www.jroller.com/gmazza/entry/soap_calls_over_wireshark) can also >help with your debugging a bit, by making it clearer where the error >messages are coming from. >It appears the "The signature or decryption was invalid" message came >from the web service provider, that might mean the service has the wrong >client public key in its truststore (when it tried to validate the >client's signature, it's comparing it with the wrong public key) or, if >you're using assymmetric (2-key) binding, your client has the wrong >public key of the service (The client encrypted the message with the >wrong public key and hence the decryption failure when the service tried >to decrypt it with its private key.) >Finally, one of the keys you mentioned below: >keytool -genkey -alias myclient2key -keyalg RSA -sigalg SHA1withRSA -keypass >ck2pass -storepass cs2pass -keystore client2Keystore.jks -dname >Is unnecessary, it was placed in the tutorial for educational purposes only. >HTH, >Glen -- View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-policy-not-being-enabled-in-CXF-tp5512888p5530444.html Sent from the cxf-user mailing list archive at Nabble.com.
