[xmlsec] Key not found

Aleksey Sanin aleksey at aleksey.com
Thu Aug 14 08:41:52 PDT 2003

In xmlsec you have two types of certificates used in the verification 
    1) trusted certificates - these certificates can finish certificates 
chain and
    validate it. For example, root CA certificates should be loaded as 
    2) untrusted certificates - these certificates are just "known" to 
xmlsec but  
    xmlsec would validate untrusted certificates before using the key.
In xmlsec command line utility you can load trusted certificates with 
option and untrusted with "--untrusted" option.

When we need to find a cert by subject, issuer name/serial, etc. we do 
untrusted certificates list only. In verify3 example you mention the 
you are loading is trusted. Thus xmlsec could not find it. Probably you want
to slightly modify it and load your certificate in both untrusted and 
trusted lists.
Search for xmlSecKeyDataTypeTrusted, do a copy of this line and replace
xmlSecKeyDataTypeTrusted with xmlSecKeyDataTypeUntrusted.


More information about the xmlsec mailing list