[xmlsec] Key not found
Aleksey Sanin
aleksey at aleksey.com
Thu Aug 14 08:41:52 PDT 2003
In xmlsec you have two types of certificates used in the verification
process:
1) trusted certificates - these certificates can finish certificates
chain and
validate it. For example, root CA certificates should be loaded as
trusted.
2) untrusted certificates - these certificates are just "known" to
xmlsec but
xmlsec would validate untrusted certificates before using the key.
In xmlsec command line utility you can load trusted certificates with
"--trusted"
option and untrusted with "--untrusted" option.
When we need to find a cert by subject, issuer name/serial, etc. we do
search
untrusted certificates list only. In verify3 example you mention the
certificate
you are loading is trusted. Thus xmlsec could not find it. Probably you want
to slightly modify it and load your certificate in both untrusted and
trusted lists.
Search for xmlSecKeyDataTypeTrusted, do a copy of this line and replace
xmlSecKeyDataTypeTrusted with xmlSecKeyDataTypeUntrusted.
Aleksey
More information about the xmlsec
mailing list