I had a hunch that I may have messed up the creation of my keys and certs, so... I went back and re-generated my public cert using the openssl -set_serial option, and now I get *no errors* when signing or verifying using the xmlsec command line utility!
However, it still does not populate the <X509IssuerSerial> node and sub-nodes, only the X509Certificate node. Is this simply not possible to do using the command line tool alone? Chris McQueen -----Original Message----- From: Chris McQueen [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 13, 2007 5:51 PM To: 'xmlsec@aleksey.com' Subject: RE: [xmlsec] LAst try with x509 xmlsec1 --verify --id-attr:id Body --trusted-pem tfpubkey.crt tfsigned.xml returns: func=xmlSecOpenSSLX509FindCert:file=x509vfy.c:line=776:obj=unknown:subj=BN_d ec2bn:error=4:crypto library function failed: OK SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Chris McQueen -----Original Message----- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 13, 2007 5:31 PM To: [EMAIL PROTECTED] Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] LAst try with x509 > xmlsec1 --verify --id-attr:id Body --pubkey-cert-pem tfpubkey.crt > tfsigned.xml > > it returns the following errors: > Replace "--pubkey-cert-pem" with "--trusted-pem" Aleksey _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
