Thanks, I see now why it was doing that. I thought I _was_ sending the certificate in the message.
How do I activate the DirectReference option? It doesn't seem to be mentioned in the deployment examples. On Tue, 9 Aug 2005, Dittmann, Werner wrote: > Guy, > > to verify a Signature you need the "real" certificate, not > only the CA certificate. The CA certificte only proves that > the "real" certifcate is ok. If you want avoid to have the > real certificate (the one used to sign) in the keystore > you could use the DirectReference option. > > In that case the cretificate is transfered inside the request > to the server (coded in base64). > > Regards, > Werner > > PS. The WSDoAllReceiver conains certificate Path validation. > This is implemented in a way that us must have all certificates in > the keystroe, even if you send it via DirectReference. This > is an open issue we will address in the next time. > > Werner > > > -----Urspr?ngliche Nachricht----- > > Von: Guy Rixon [mailto:[EMAIL PROTECTED] > > Gesendet: Dienstag, 9. August 2005 13:25 > > An: [email protected] > > Betreff: Signature-verification problem in WSS4J > > > > > > Hi, > > > > I have a problem with WSS4J 1.0.0. I'm trying to use > > WSDoAllReceiver to sign a > > message and WSDOAllSender to versify the signature. It works > > if I give the > > server a keystore that contains the senders entire > > certificate chain. It fails > > if I give the server a keystore containing just the > > certificate for the > > sender's CA. > > > > Looking in WSSecurityEngine, and truning on the debug log, it > > seems that the WSS4J library-code is trying to get the CA > > certificate by first > > finding the user's personal certificate (by serial number) > > _in the server's > > keystore_. It's calling > > > > getAliasForX509Cert(String issuer, BigInteger serialNumber, true) > > > > on Merlin. This can't work when the server only has the CA > > certificate. > > > > Maybe I've got it wrongly configured (again). Is there some > > setting I need to > > make s.t. the server trusts all certificates from a given CA? > > > > Cheers, > > Guy > > > > Guy Rixon [EMAIL PROTECTED] > > Institute of Astronomy Tel: +44-1223-337542 > > Madingley Road, Cambridge, UK, CB3 0HA Fax: > > +44-1223-337523 > > > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
