Re: Certificat problem.

Mon, 29 Aug 2005 04:45:08 -0700 

Looks like keytool generates the wrong version of X.509 for this use case:
probably v1 instead of v3. If you need an X.509v3 certificate, use OpenSSL to
make it.

On Mon, 29 Aug 2005, [ISO-8859-1] Jérôme PICARD wrote:

> Hello,
>
> I want to use "UsernameToken Encrypt" to secure my webservice.
>
> When I use the "interop2.jks" keystore and the user "bob" all works. But
> if I create my own keystore and a certificat, I catch an exception.
>
> To create the certificat, I use "keytool".
>
> // Create "ged" certificat in the "serveur" keystore.
> keytool -genkey -alias ged -keyalg RSA -keypass password -storepass
> serveur -keystore serveur.jks
>
> // Export the public key to a file "gercertificat.cer".
> keytool -export -keystore serveur.jks -alias ged -storepass serveur
> -file gedcertificat.cer
>
> // Import public key to the client keystore. Client of the WebService.
> keytool -import -alias ged -file gedcertificat.cer -keystore client.jks
> -storepass client
>
> Do you have some idea about my problem ?
>
> Thanks,
>
> _This is the exception :_
>
> AxisFault
>  faultCode:
> {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
>  faultSubcode:
>  faultString: WSDoAllSender: Encryption: error during message
> processingorg.apache.ws.security.WSSecurityException: An unsupported
> token was provided (Problem with SKI information: Wrong certificate
> version (<3))
>  faultActor:
>  faultNode:
>  faultDetail:
>     {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Encryption:
> error during message
> processingorg.apache.ws.security.WSSecurityException: An unsupported
> token was provided (Problem with SKI information: Wrong certificate
> version (<3))
>     at
> org.apache.ws.axis.security.WSDoAllSender.performENCRAction(WSDoAllSender.java:455)
>     at
> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:316)
>     at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>     at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>     at org.apache.axis.client.Call.invoke(Call.java:2748)
>     at org.apache.axis.client.Call.invoke(Call.java:2424)
>     at org.apache.axis.client.Call.invoke(Call.java:2347)
>     at org.apache.axis.client.Call.invoke(Call.java:1804)
>     at
> localhost.ServeurWebService.services.WSGed.WSGedSoapBindingStub.putDocument(WSGedSoapBindingStub.java:106)
>     at TestWebService.main(TestWebService.java:54)
>
>
>

Guy Rixon                                       [EMAIL PROTECTED]
Institute of Astronomy                          Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA          Fax: +44-1223-337523

Reply via email to