[xmlsec] Key not found

Aleksey Sanin aleksey at aleksey.com
Thu Aug 14 08:41:52 PDT 2003


In xmlsec you have two types of certificates used in the verification 
process:
    1) trusted certificates - these certificates can finish certificates 
chain and
    validate it. For example, root CA certificates should be loaded as 
trusted.
    2) untrusted certificates - these certificates are just "known" to 
xmlsec but  
    xmlsec would validate untrusted certificates before using the key.
In xmlsec command line utility you can load trusted certificates with 
"--trusted"
option and untrusted with "--untrusted" option.

When we need to find a cert by subject, issuer name/serial, etc. we do 
search
untrusted certificates list only. In verify3 example you mention the 
certificate
you are loading is trusted. Thus xmlsec could not find it. Probably you want
to slightly modify it and load your certificate in both untrusted and 
trusted lists.
Search for xmlSecKeyDataTypeTrusted, do a copy of this line and replace
xmlSecKeyDataTypeTrusted with xmlSecKeyDataTypeUntrusted.


Aleksey






More information about the xmlsec mailing list