Hi, I have a problem with WSS4J 1.0.0. I'm trying to use WSDoAllReceiver to sign a message and WSDoAllSender to verify the signature. It works if I give the server a keystore that contains the sender's entire certificate chain. It fails if I give the server a keystore containing just the certificate for the sender's CA.
Looking in WSSecurityEngine, and turning on the debug log, it seems that the WSS4J library code is trying to get the CA certificate by first finding the user's personal certificate (by serial number) _in the server's keystore_. It's calling getAliasForX509Cert(String issuer, BigInteger serialNumber, true) on Merlin. This can't work when the server only has the CA certificate.

Maybe I've got it wrongly configured (again). Is there some setting I need to make s.t. the server trusts all certificates from a given CA?

Cheers,
Guy

Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy
Madingley Road, Cambridge, UK, CB3 0HA
Tel: +44-1223-337542
Fax: +44-1223-337523
