Is there some way to get X509IssuerName and X509SerialNumber fields to X509Data? I'm just guessing could that be an issue or not, but I have no idea what I'm doing wrong otherwise:
My problem is that even if I can validate my message's XML signature ok and service's response XML signature ok, I get "Content digital signature not valid" error code from the service. My test looks like this:pastebin.com/9tQ9EM15. Whole package with certs, wse-php+xmlseclibs, WSDL and XML-outputs at http://www.kajala.com/temp/NordeaWSTest1.zip. Tested with PHP 5.3.6.
About the certs: I converted their .p12 file (also included in that package) with openssl pkcs12 -in WSNDEA1234.p12 -nodes -out WSNDEA1234.pem and then split the result to separate files, but I guess that should be valid?
> Is there some way to get X509IssuerName and X509SerialNumber fields to > X509Data? I'm just guessing could that be an issue or not, but I have > no idea what I'm doing wrong otherwise:
> My problem is that even if I can validate my message's XML signature > ok and service's response XML signature ok, I get "Content digital > signature not valid" error code from the service. My test looks like > this:pastebin.com/9tQ9EM15 <http://pastebin.com/9tQ9EM15>. Whole > package with certs, wse-php+xmlseclibs, WSDL and XML-outputs at > http://www.kajala.com/temp/NordeaWSTest1.zip. Tested with PHP 5.3.6.
> About the certs: I converted their .p12 file (also included in that > package) with openssl pkcs12 -in WSNDEA1234.p12 -nodes -out > WSNDEA1234.pem and then split the result to separate files, but I > guess that should be valid?
> Any help or pointers greatly appreciated. :)
> Thanks again, > Jani
Based on that error message, neither of those should be an issue as it appears to be an issue with the actual signature rather than the x509 (unless a wrong cert was used to sign the message). Can you send me the raw output tar'd up of $request just before parent::__doRequest is called?
The .P12 file converted as .PEM has two certs and two private keys. I've tried them both in signing the ApplicationRequest and signing the SOAP but so far no luck.
Thanks again for your help!
Jani
On Mon, Jun 27, 2011 at 9:51 AM, Rob Richards <rricha...@cdatazone.org>wrote:
> Is there some way to get X509IssuerName and X509SerialNumber fields to > X509Data? I'm just guessing could that be an issue or not, but I have no > idea what I'm doing wrong otherwise:
> My problem is that even if I can validate my message's XML signature ok and > service's response XML signature ok, I get "Content digital signature not > valid" error code from the service. My test looks like this:pastebin.com/9tQ9EM15. > Whole package with certs, wse-php+xmlseclibs, WSDL and XML-outputs at > http://www.kajala.com/temp/NordeaWSTest1.zip. Tested with PHP 5.3.6.
> About the certs: I converted their .p12 file (also included in that > package) with openssl pkcs12 -in WSNDEA1234.p12 -nodes -out WSNDEA1234.pem > and then split the result to separate files, but I guess that should be > valid?
> Any help or pointers greatly appreciated. :)
> Thanks again, > Jani
> Based on that error message, neither of those should be an issue as it > appears to be an issue with the actual signature rather than the x509 > (unless a wrong cert was used to sign the message). Can you send me the raw > output tar'd up of $request just before parent::__doRequest is called?
