[xmlsec] Adding X509 Certificate

Aleksey Sanin aleksey at aleksey.com
Fri Mar 3 15:23:29 PST 2006


WSSE extensions are not implemented by xmlsec at the moment.
But I do accept patches :)

Aleksey

Daniel Johansson wrote:
> Thanks, now I got it right.
> 
> I got one more problem however. Can I use the <BinarySecurityToken> and
> <SecurityTokenReference> element to insert a certificate, instead of using
> <X509Data> and <X509Certificate>? Is there a difference between the two?
> 
> /Daniel
> 
> Example:
> 
> <KeyInfo>
>    <wsse:SecurityTokenReference>
>       <wsse:Reference
> URI="#SecurityToken-12345678-1234-1234-1234-123456789012"/>
>    </wsse:SecurityTokenReference>
> </KeyInfo>
> 
> Referencing this element outside the <signature> element:
> 
> <wsse:BinarySecurityToken ValueType="wsse:X509v3"
> EncodingType="wsse:Base64Binary"
> xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
> wsu:Id="SecurityToken-12345678-1234-1234-1234-123456789012">MIIFNH765Gd...</
> wsse:BinarySecurityToken>
> 
> 
> On 06-03-03 17.48, "Aleksey Sanin" <aleksey at aleksey.com> wrote:
> 
>>> The manual says that "--privkey-pem" loads both private key and
>>> certificate.
>> http://www.aleksey.com/xmlsec/xmlsec-man.html
>>
>> --privkey-pem[:<name>] <file>[,<cafile>[,<cafile>[...]]]
>>    load private key from PEM file and certificates that verify this key
>>
>> Dmitry is correct. You are loading *only* private key. You need
>> to put certificate into a separate file and specify it after comma
>> (see the command above).
>>
>> Aleksey
>>
>>
>>
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


More information about the xmlsec mailing list