Hi Tom,
I don't know how you create the certificate.
I have generated the WCF certificate by coding; it's an X509 certificate,
version 3.
"
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
// self-signed
certGen.SetIssuerDN(dnName);
certGen.SetPublicKey(keyPair.Public);
certGen.SetSignatureAlgorithm("SHA1withRSA");
// add extensions
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, true,
    new AuthorityKeyIdentifierStructure(keyPair.Public));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, true,
    new SubjectKeyIdentifierStructure(keyPair.Public));
certGen.AddExtension(X509Extensions.BasicConstraints, true,
    new BasicConstraints(false));
certGen.AddExtension(X509Extensions.KeyUsage, true,
    new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment |
                 KeyUsage.DataEncipherment | KeyUsage.NonRepudiation));
ArrayList extKeyUsages = new ArrayList();
extKeyUsages.Add(KeyPurposeID.IdKPClientAuth);
extKeyUsages.Add(KeyPurposeID.IdKPTimeStamping);
certGen.AddExtension(X509Extensions.ExtendedKeyUsage, true,
    new ExtendedKeyUsage(extKeyUsages));
"
The certificate in the keystore.jks looks like this, here in German :-)
"
Aliasname: testapojava1
Erstellungsdatum: 08.07.2010
Eintragstyp: trustedCertEntry
Eigner: [email protected], CN=TestApoJava1, OU=OrgUnit, O=company,
L=Merzig, C=DE
Aussteller (Issuer): [email protected], CN=TestApoJava1,
OU=OrgUnit, O=company, L=Merzig, C=DE
Seriennummer: fb1302e937b79a09
Gültig von: Thu Jul 08 08:47:06 CEST 2010 bis: Sun Jul 05 08:47:06 CEST
2020
Digitaler Fingerabdruck (thumbprint) des Zertifikats:
MD5: 49:EE:56:34:1D:3E:53:FA:EC:0E:83:AD:DE:65:07:B8
SHA1: 5A:74:83:5C:94:1C:2C:71:90:14:00:3A:FD:6C:91:25:95:B1:97:45
Unterschrift-Algorithmusname: SHA1withRSA
Version: 3
Erweiterungen (Extensions):
#1: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 76 C3 16 C3 79 4C DF 63 44 97 97 03 70 9E EE AE v...yL.cD...p...
0010: 03 C6 DD E1 ....
]
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
timeStamping
1.3.6.1.4.1.311.10.3.3
2.16.840.1.113730.4.1
]
#4: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
"
See also:
https://community.emc.com/docs/DOC-8153
http://www.netframeworkdev.com/windows-communication-foundation/wcf-client-cant-handle-response-from-axis2-service-68206.shtml
Regards,
Herwig
From: "Tomasz Sienkiewicz" <[email protected]>
To: <[email protected]>
Date: 12.10.2010 11:28
Subject: RE: Antwort: RE: WCF interoperatibility AXIS: signature or decryption was invalid
Hi,
Could you please provide more details?
You did change to KeyInfo element, right?
Regards
Tom
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, October 12, 2010 7:48 AM
To: [email protected]
Subject: Antwort: RE: WCF interoperatibility AXIS: signature or decryption
was invalid
I had the same problem with WCF clients. I finally solved the issue
by adding the extension "Subject Key Identifier" to the server key and
client key.
Regards,
Herwig David
EDV-Entwicklung
kohlpharma GmbH
Im Holzhau 8, 66663 Merzig
Tel.: 06867/920-3526
eMail: [email protected]
From: "Tomasz Sienkiewicz" <[email protected]>
To: <[email protected]>
Date: 11.10.2010 16:56
Subject: RE: WCF interoperatibility AXIS: signature or decryption was invalid
Unfortunately no, I'm not an owner of Web service, I tried to force owner to
use 1.5 but without success (they cannot change rampart version).
Regards
Tom
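A pre-deployment check for the fix reported in this thread (adding the "Subject Key Identifier" extension to the server and client keys), as an added example that is not code from the thread: it reads extension 2.5.29.14 through the .NET `X509Certificate2` API and runs against two constructed self-signed certificates. The class name `SkiCheck`, the subject `CN=ski-demo` and the SHA-256 signature are assumptions made for the demo.

```csharp
// Added example, not from the thread. CertificateRequest needs
// .NET Core 2.0+ or .NET Framework 4.7.2+.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SkiCheck
{
    // SubjectKeyIdentifier OID, listed as extension #2 in the keytool output.
    const string SkiOid = "2.5.29.14";

    // Returns the key identifier as a hex string, or null when the
    // certificate carries no SubjectKeyIdentifier extension.
    public static string GetSubjectKeyIdentifier(X509Certificate2 cert)
    {
        X509Extension ext = cert.Extensions[SkiOid];
        if (ext == null)
            return null;
        return new X509SubjectKeyIdentifierExtension(ext, ext.Critical).SubjectKeyIdentifier;
    }

    // Builds a constructed, short-lived test certificate (placeholder subject).
    static X509Certificate2 MakeSelfSigned(RSA key, bool withSki)
    {
        var req = new CertificateRequest("CN=ski-demo", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, true));
        if (withSki)
            req.CertificateExtensions.Add(
                new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
                                    DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        using (RSA key = RSA.Create(2048))
        using (X509Certificate2 noSkiCert = MakeSelfSigned(key, false))
        using (X509Certificate2 skiCert = MakeSelfSigned(key, true))
        {
            foreach (X509Certificate2 cert in new[] { noSkiCert, skiCert })
            {
                string ski = GetSubjectKeyIdentifier(cert);
                Console.WriteLine(ski == null
                    ? cert.Thumbprint + ": SubjectKeyIdentifier extension missing"
                    : cert.Thumbprint + ": SubjectKeyIdentifier " + ski);
            }
        }
    }
}
```

To check a deployed certificate instead of the constructed ones, load it with `new X509Certificate2(path)` and pass it to `GetSubjectKeyIdentifier`.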