X509IssuerName, X509SerialNumber, certs and signature validation
866 views
Skip to first unread message
Jani Kajala
Jun 24, 2011, 2:17:14 AM6/24/11
to xmlse...@googlegroups.com
Hi all,
Is there some way to get X509IssuerName and X509SerialNumber fields to X509Data? I'm just guessing could that be an issue or not, but I have no idea what I'm doing wrong otherwise:
My problem is that even if I can validate my message's XML signature ok and service's response XML signature ok, I get "Content digital signature not valid" error code from the service. My test looks like this: pastebin.com/9tQ9EM15. Whole package with certs, wse-php+xmlseclibs, WSDL and XML-outputs at http://www.kajala.com/temp/NordeaWSTest1.zip. Tested with PHP 5.3.6.
About the certs: I converted their .p12 file (also included in that package) with openssl pkcs12 -in WSNDEA1234.p12 -nodes -out WSNDEA1234.pem and then split the result to separate files, but I guess that should be valid?
Any help or pointers greatly appreciated. :)
Thanks again,
Jani
Is there some way to get X509IssuerName and X509SerialNumber fields to X509Data? I'm just guessing could that be an issue or not, but I have no idea what I'm doing wrong otherwise:
My problem is that even if I can validate my message's XML signature ok and service's response XML signature ok, I get "Content digital signature not valid" error code from the service. My test looks like this: pastebin.com/9tQ9EM15. Whole package with certs, wse-php+xmlseclibs, WSDL and XML-outputs at http://www.kajala.com/temp/NordeaWSTest1.zip. Tested with PHP 5.3.6.
About the certs: I converted their .p12 file (also included in that package) with openssl pkcs12 -in WSNDEA1234.p12 -nodes -out WSNDEA1234.pem and then split the result to separate files, but I guess that should be valid?
Any help or pointers greatly appreciated. :)
Thanks again,
Jani
Rob Richards
Jun 27, 2011, 10:51:02 AM6/27/11
to xmlse...@googlegroups.com, Jani Kajala
Based on that error message, neither of those should be an issue as
it appears to be an issue with the actual signature rather than the
x509 (unless a wrong cert was used to sign the message). Can you
send me the raw output tar'd up of $request just before
parent::__doRequest is called?
Rob
Rob
Jani Kajala
Jun 27, 2011, 1:29:12 PM6/27/11
to Rob Richards, xmlse...@googlegroups.com
Hi Rob,
The raw $request is DownloadFileList2-SOAPRequest-raw.xml in zip http://www.kajala.com/temp/NordeaWSTest1.zip (also attached it here as tar).
The .P12 file converted as .PEM has two certs and two private keys. I've tried them both in signing the ApplicationRequest and signing the SOAP but so far no luck.
Thanks again for your help!
Jani
The raw $request is DownloadFileList2-SOAPRequest-raw.xml in zip http://www.kajala.com/temp/NordeaWSTest1.zip (also attached it here as tar).
The .P12 file converted as .PEM has two certs and two private keys. I've tried them both in signing the ApplicationRequest and signing the SOAP but so far no luck.
Thanks again for your help!
Jani
Reply all
Reply to author
Forward
0 new messages