[xmlsec] LAst try with x509
Chris McQueen
chris at dctransform.com
Wed Jun 13 15:28:03 PDT 2007
If anyone is willing to do some paid contract work on my xmlsec-based
project, Please email me if you are interested.
I hate to give up when I am so close :(
I am back to trying the xmlsec command line utility to achieve the desired
result. The following command outputs everything I need *except* the
<X509IssuerSerial> block (X509IssuerName and X509SerialNumber).
xmlsec1 --sign --id-attr:id Body --privkey-pem tfprivkey.crt,tfpubkey.crt
tfunsigned.xml > tfsigned.xml
What is so frustrating is that when I add the --store-signatures option, it
actually displays the serial and name! They just do not make it into the
signed file.
Also, when I try to verify the result using the following command:
xmlsec1 --verify --id-attr:id Body --pubkey-cert-pem tfpubkey.crt
tfsigned.xml
it returns the following errors:
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:sub
j=X509_verify_cert:error=4:crypto library function
failed:subj=/C=US/ST=MS/L=Jackson/O=DC Forms
LLC/OU=Transform/CN=www.dctransform.com;err=18;msg=self signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:sub
j=unknown:error=71:certificate verification failed:err=18;msg=self signed
certificate
Any last suggestions would be greatly appreciated.
Regards,
Chris McQueen
More information about the xmlsec
mailing list