You are doing nothing wrong. The online verifier obviously doesn't have the trusted (root) certificate you are using.
Aleksey On 11/21/11 11:46 AM, Si St wrote:
Upon verification of a signed document with xmlsec1 like this: xmlsec1 sign --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem --output alekseysigned_KOM.xml uKOM.xml I get OK with these 2: xmlsec1 verify --trusted gpg-des/newcorvus_cert_key/bpV28_ca.pem alekseysigned_KOM.xml xmlsec1 verify --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem alekseysigned_KOM.xml If I try to verify the same file in http://www.aleksey.com/xmlsec/xmldsig-verifier.html I get the following: func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=NO/O=MYLASTNAME MYFIRST\xC3\x98NAME/CN=MYLASTNAME MYFIRST\xC3\x98NAME/serialNumber=981789261;err=20;msg=unable to get local issuer certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match RESULT: Signature is INVALID --------------------------------------------------- = VERIFICATION CONTEXT == Status: invalid ..etc,etc The<X509Certificate> as<KeyInfo> in the document is the corresponding cert to the S-key.pem: gpg-des/newcorvus_cert_key/bpV28_S-cer.pem What do I do wrong? -S-
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
