Hi, i found that when a client use X509 Certificate Token Reference:
or
the server looks for the keys in the keystore instead of the truststore.
In the case of:
- directReference (default)
the server looks for the key in the truststore.
I have veryfied this with some other guy, and i test this several times.
I know this might be not very important, but i would like your opinions if i should report a jira with the 'bug'.
I will try to look forward a solution for this.
--
The other thing i found is that when receiving x509IssuerSerial from SoapUI (i think it use some apache implementation, but nnot sure)
the IssuerName is send as:
CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano,OU=STM,O=IMM,C=UY
but what Jboss expected is:
CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano, OU=STM, O=IMM, C=UY
I tried to look for the standard to determine if the problem is from SoapUI or if Jboss should support receiving the IssuerName without spaces after comma but dont find nothing strictly talking about this.
Anyway im quite new to all this security stuff. I would like to hear an experienced voice.
Greetings.