<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><span style="color: rgb(68, 68, 68); font-size: 15px; line-height: 21.2999992370605px; background-color: rgb(255, 255, 255);">Thanks for the answer. The file ia.p12 had 2 certs. I corrected it and now I have only one X509Certificate tag.</span><br><br><div>> Subject: Re: [xmlsec] Duplicated X509Certificate<br>> To: marcosbontempo@hotmail.com; xmlsec@aleksey.com<br>> From: aleksey@aleksey.com<br>> Date: Sun, 3 Jan 2016 14:38:51 -0800<br>> <br>> Check the content of ia.p12 -- it might have multiple certs inside it<br>> <br>> Aleksey<br>> <br>> On 1/3/16 1:38 PM, Marcos Bontempo wrote:<br>> > Thanks for the answer. I removed the --trusted-pem option, but the<br>> > signed file stills with two x509Certifcate tags.<br>> > <br>> >> Subject: Re: [xmlsec] Duplicated X509Certificate<br>> >> To: marcosbontempo@hotmail.com; xmlsec@aleksey.com<br>> >> From: aleksey@aleksey.com<br>> >> Date: Sun, 3 Jan 2016 13:19:42 -0800<br>> >><br>> >> Remove --trusted-pem ca.crt, you don't need it for signing<br>> >><br>> >> Aleksey<br>> >><br>> >> On 1/3/16 1:15 PM, Marcos Bontempo wrote:<br>> >> > Hello,<br>> >> ><br>> >> > I'm signing a XML file with this command:<br>> >> ><br>> >> > xmlsec1 --sign --output signed.xml --pkcs12 ia.p12 --pwd password<br>> >> > --trusted-pem ca.crt to-sign.xml<br>> >> ><br>> >> > And here is my signature info:<br>> >> ><br>> >> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><br>> >> > <SignedInfo><br>> >> > <Canonical tizationMethod<br>> >> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><br>> >> > <SignatureMethod<br>> >> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><br>> >> > <Reference URI=""><br>> >> > <Transforms><br>> >> > <Transform<br>> >> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><br>> >> > <Transform<br>> >> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><br>> >> > </Transforms><br>> >> > <DigestMethod<br>> >> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><br>> >> > <DigestValue></DigestValue><br>> >> > </Reference><br>> >> > </SignedInfo><br>> >> > <SignatureValue></SignatureValue><br>> >> > <KeyInfo><br>> >> > <X509Data></X509Data><br>> >> > </KeyInfo><br>> >> > </Signature><br>> >> ><br>> >> > It's working but I get two X509Certificate tags:<br>> >> ><br>> >> > <X509Data><br>> >> ><br>> > <X509Certificate>MIIEBzCCAu+gAwIBAgIJANN+QDNqjUZHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD<br>> >> > VQQGEwJCUjEVMBMGA1UECAwMTWluYXMgR2VyYWlzMR4wHAYDVQQHDBVTYW50YSBS<br>> >> > aXRhIGRvIFNhcHVjYWkxGjAYBgNVBAoMEXd3dy5uaXRlcmUuY29tLmJyMQ8wDQYD<br>> >> > VQQLDAZOaXRlcmUxDzANBgNVBAMMBm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0<br>> >> > ZXJlMB4XDTE2MDEwMzE5MzgwNloXDTE2MTIyNDE5MzgwNlowgZkxCzAJBgNVBAYT<br>> >> > AkJSMRUwEwYDVQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEg<br>> >> > ZG8gU2FwdWNhaTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsM<br>> >> > Bk5pdGVyZTEPMA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUw<br>> >> > ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCamYGpTT06/+UTNX4KqRw3<br>> >> > 2rhi2vzfCXadBu4sfPKX/UrkX8zzm/MLKblJdI0x7S2Cwe+uI/mj863Xwvu3A13B<br>> >> > MpuUmZ8JAxeSyB9N64I1Dq2eT2M0zNoNWC9siiVZsscaNOrZMb2aReyb3P/i5JQc<br>> >> > U0K/326dtVDA2rK2Loh5bXrMz2MDk0IXOaMprTDllOPtVma8uIutfJkmjt/6eE3P<br>> >> > Da/J4oRjB20HYyDdI78XbXFBH8YxTpg8xTpRyLuT6/hlBi00gSLU62t7vpgo9o02<br>> >> > bz2jrw8njP8prZjJ1oP+42YdHa4RQ+ecCjUYzQxhkODOBo7H2Ls8MTWNwOfab/UT<br>> >> > AgMBAAGjUDBOMB0GA1UdDgQWBBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAfBgNVHSME<br>> >> > GDAWgBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3<br>> >> > DQEBCwUAA4IBAQAfAPQmG2ger41eMlM39mz0x6gSPITOYsi19WoSaXhT/3tLIS2l<br>> >> > Zo8GrYg8ENi7w20dJ0LkCRcDqPpNdM8rMpkoL8dsFGmx+33E7Wl9YrtHNK59BwyU<br>> >> > TpQJtPOe1mJGtauY4k4BhFUVK9TU6zXlaLzXzPOYEKeOkCR26NsV/o3qcu8vPs5/<br>> >> > Ghu3/I1TTyUAeAArMjg24gmoJogUo9bD188AI1fIegRRC549KIOjTIouJyrvTyvb<br>> >> > /oj6Ur8n4yBxW6sVTkFF5XFSGuC9iqZ4ZLb3vXXK0zQR9LsKx5GOxolQ8uT+QYqV<br>> >> > Xh7GnsnabeU2n47L93uW2VMpjDEp75JuAC1/</X509Certificate><br>> >> ><br>> >> ><br>> > <X509Certificate>MIIDpDCCAowCAQEwDQYJKoZIhvcNAQELBQAwgZkxCzAJBgNVBAYTAkJSMRUwEwYD<br>> >> > VQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEgZG8gU2FwdWNh<br>> >> > aTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsMBk5pdGVyZTEP<br>> >> > MA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUwHhcNMTYwMTAz<br>> >> > MTkzODM5WhcNMTYxMjI0MTkzODM5WjCBlTELMAkGA1UEBhMCQlIxFTATBgNVBAgM<br>> >> > DE1pbmFzIEdlcmFpczEeMBwGA1UEBwwVU2FudGEgUml0YSBkbyBTYXB1Y2FpMRYw<br>> >> > FAYDVQQKDA1uaXRlcmUuY29tLmJyMQ8wDQYDVQQLDAZOaXRlcmUxDzANBgNVBAMM<br>> >> > Bm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0ZXJlMIIBIjANBgkqhkiG9w0BAQEF<br>> >> > AAOCAQ8AMIIBCgKCAQEAw4AysesK3+UfLc9fRrGzxmZ/eGwgKS+DygkV+LNRl2eK<br>> >> > ZkvLi7rM/5jl2cCVS5gBHGoH2FX/Lv7BkcQMD/AHnk2bYA33S6cnrU5U3cYrAUTe<br>> >> > Vb0nf8joivlK1dCFBoLX/L1xByMyW3/ZGXOK7W2qBQyS50uk0PKDruU5pu2Uaf0v<br>> >> > 9EmKru3ReAIakj4HmTYlSl6ZdF2NZvReEvEx8VrAyoiyXApa6uXsaRkL+nYNqWhO<br>> >> > RNEhqMgSAK+vW4ywSNC3saW/Gwep9LXMpN1klRseJSkcCe0JsUspai9/OsVESPQx<br>> >> > CdH/o0xmoeysUtVNF3ujX8jD1HaOmsJLSrMnX6EA/wIDAQABMA0GCSqGSIb3DQEB<br>> >> > CwUAA4IBAQBG6PyNlC/YmEnfzmjXOKRubUIqaCkf4PO2YS23p+6kVUmKB0w+AbO/<br>> >> > mK3m6Aq/BABqcfDwtFY1kCOl1tcRtF3HD5Kwpoq8xveIwnRHyOeBjeSKgPVnRQmI<br>> >> > sXWjQ48jl8lFbs+LbEAumIGI4eIfIb0wzhyKRZSFjXjZijDi9LktzuHjNftHxGti<br>> >> > THc4dzXpSHKgBFWr6OjQvbCMa+jRIraSWk4fknGF9mCxez7BGAZnQmhfJAnMSYLw<br>> >> > KIRWd7JsYMjzt9x/hcQjcRsdyrRXUX29kfuL7ic2CyoitVTjzJSldajf/quxiymx<br>> >> > QDSNSCy+B65llKZnoNx5gpeV0Q/ZFzqe</X509Certificate><br>> >> > </X509Data><br>> >> ><br>> >> > Does anybody know why it's happening? I'm expecting only one<br>> >> > X509Certificate tag.<br>> >> ><br>> >> > Any tip will be very helpful,<br>> >> > Thanks.<br>> >> ><br>> >> ><br>> >> > _______________________________________________<br>> >> > xmlsec mailing list<br>> >> > xmlsec@aleksey.com<br>> >> > http://www.aleksey.com/mailman/listinfo/xmlsec<br>> >> ><br></div> </div></body>
</html>