[xmlsec] Signature Verification Problem Using X509 Certificates

Roumen Petrov xmlsec at roumenpetrov.info
Sat Feb 23 09:29:53 PST 2008


Aleksey Sanin wrote:
>> Aleksey, did the presence of a self-signed root certificate in the
>> document violate the standard?
>
> Not really. And I already suggested that and it seems the situation
> did not improve.
>
> Aleksey
>
The error 1) "unable to get local issuer certificate" is very specific 
(note the word "local").
It is different from 2) "unable to get issuer certificate".

If the trusted root is not in the store, the usual error is 3) "self signed 
certificate in certificate chain", but Paul's case is different.

Maybe test case aleksey-xmldsig-01/enveloping-rsa-x509chain will raise 
the same message if the root certificate has 
basicConstraints=critical,CA:TRUE,pathlen:3?


Roumen
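
The three OpenSSL verification errors distinguished in the message above can be reproduced with a throwaway chain and `openssl verify`. This script is an added example, not part of the original post or of xmlsec; the demo-* names and file names are assumptions, and it does not exercise the pathlen question.

```shell
#!/bin/sh
# Constructed throwaway PKI; every name here is an assumption for the demo:
#   demo-root (self-signed CA) -> demo-int (CA) -> demo-leaf
make_pki() {  # $1 = empty working directory; leaves the shell inside it
  cd "$1" || return 1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
      -out "$n.csr" -subj "/CN=demo-$n" 2>/dev/null || return 1
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.pem 2>/dev/null || return 1
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out int.pem 2>/dev/null || return 1
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.pem 2>/dev/null || return 1
  cat int.pem root.pem > chain.pem   # certificates a signer might ship in the document
}

# Print the first X509 verify error number reported, or 0 if the chain verifies.
verify_code() {
  out=$(openssl verify "$@" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
  else echo unknown; fi
}

dir=$(mktemp -d) || exit 1
trap 'rm -rf "$dir"' EXIT
make_pki "$dir" || { echo "openssl failed to build the demo PKI" >&2; exit 1; }

# -untrusted = certificates supplied with the message; -CAfile = local trust store.
echo "1) leaf alone, issuer found nowhere:         $(verify_code leaf.pem)"
echo "2) intermediate trusted, its issuer missing: $(verify_code -CAfile int.pem leaf.pem)"
echo "3) full chain supplied, root not trusted:    $(verify_code -untrusted chain.pem leaf.pem)"
echo "ok) root trusted, intermediate supplied:     $(verify_code -CAfile root.pem -untrusted int.pem leaf.pem)"
```

The printed numbers are OpenSSL's verify error codes: 20 is "unable to get local issuer certificate", 2 is "unable to get issuer certificate", and 19 is "self signed certificate in certificate chain".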
