In the XML-File there were 3 certificates at all included. The first certificate you extracted as "a.pem".
I saved these certificates as b.pem and c.pem too.
Ops.. The line was too long and I missed the last two certs. However, this changes nothing for me:
[EMAIL PROTECTED] openssl verify -CAfile c.pem b.pem
b.pem: OK[EMAIL PROTECTED] openssl verify -CAfile b.pem a.pem
a.pem: /C=US/O=MasterCard International Incorporated Test System Subordinate/OU=SecureCode Test System Subordinate CA Certificate/CN=MasterCard SecureCode Test Issuer and Directory Subordinate
error 2 at 1 depth lookup:unable to get issuer certificate
The only idea I have is that you have some cert installed in the default openssl path
that I don't have (for example, it might be original root cert used for other certs generation).
And xmlsec does not know about it either. The only suggestion I have is to run xmlsec or openssl
in the debugger. It should be somewhere in openssl/crypto/x509/x509.c or openssl/crypto/x509/x509vfy.c
Does xmlsec uses all these certificates or only get the first one ?!
Yes, of course. It loads everything it can find.
When I try to load the extracted b.pem and c.pem as trusted certificates into xmlsec I getHave you added magic "----BEGIN CERTIFICATE----" and "-----END CERTIFICATE-----" to the extracted
xmlSecX509StoreLoadPemCert (x509.c:1182): error 3: crypto operation failed : X509_LOOKUP_load_file(b.pem) - 0
Error: unable to load certificate file "b.pem".
What could be the reason for that error ?
certs? xmlsec utility expects certs in PEM files.
Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
