Following up on my last post, I find that java.security.KeyStore will not read my certificate chain from a PKCS#12 store when called from a test programme. This problem is nothing to do with Merlin or WSS4J but may hinder other users of WSS4J so may need to be documented in the WSS4J pages.
If I convert my keystore to type JKS, by exporting the certificate chain and private key from the PKCS#12 store and reimporting, then java.security.KeyStore can read the certificate chain. With this store, WSDoAllSender runs successfully and signs the SOAP messages. On Thu, 4 Aug 2005, Guy Rixon wrote: > I have a problem with my PKCS12 keystore. When Merlin loads ths store it finds > the alias for my credentials but java.security.KeyStore insists that the entry > for that alias is a "key entry" and has no certificate chain. Using other > tools, I can show that the alias does have a valid certificate chain. It > seems that the Java keystore class is either buggy or has strict and > undocumented rules about how PKCS#12 format can be used. Can anybody advise? > > This relates to the "unexpected number of X.509 data" error reported > yesterday. > > Thanks, > Guy > > Guy Rixon [EMAIL PROTECTED] > Institute of Astronomy Tel: +44-1223-337542 > Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
