[xmlsec] Adding certificates to keys manager

Mark Young ccgenealogy at hotmail.com
Tue Feb 23 15:23:50 PST 2010

I'm using OpenSSL.  After working on this all day I finally figured out where I was going wrong, though.  Since the certificates were base64, and DER can be base64, I thought I could just load the base64 into the keys manager.  Apparently, though, I had to decode the base64 first and then supply the decoded string to the keys manager as a DER-format certificate.

Sorry to have taken up your time - but hopefully other people will read this and learn from my mistake.

I do have another question.  How long will a certificate of type xmlSecKeyDataTypeSession be kept by the keys manager?  How does it decide when a session has ended?

> Date: Tue, 23 Feb 2010 14:51:14 -0800
> From: aleksey at aleksey.com
> To: ccgenealogy at hotmail.com
> CC: xmlsec at aleksey.com
> Subject: Re: [xmlsec] Adding certificates to keys manager
> What error do you get? What crypto library do you use?
> Aleksey
> On 2/23/2010 2:01 PM, Mark Young wrote:
> > I have hard-coded a trusted root certificate and I can successfully add
> > it to my keys manager using xmlSecCryptoAppKeysMngrCertLoadMemory.
> >
> > I'm receiving a chain of untrusted X509 certificates in an XML message,
> > and I would like to add those certificates to the keys manager as well.
> > However, xmlSecCryptoAppKeysMngrCertLoadMemory doesn't seem to work in
> > this case. I'm still trying to pinpoint where it's failing - but should
> > I be using a different function altogether?
> >
> > The certificates are base64-encoded X509 certificates.
> >
> > ------------------------------------------------------------------------
> > Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up
> > now. <http://clk.atdmt.com/GBL/go/201469229/direct/01/>
> >
> >
> >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20100223/9a27c608/attachment.html>

More information about the xmlsec mailing list