[jboss-user] [JBoss Web Services] - Looking for keys in the wrong place
Federico Jorge
do-not-reply at jboss.com
Wed Dec 22 10:11:09 EST 2010
Federico Jorge [http://community.jboss.org/people/fedejofa] created the discussion
"Looking for keys in the wrong place"
To view the discussion, visit: http://community.jboss.org/message/577213#577213
--------------------------------------------------------------
Hi, i found that when a client use X509 Certificate Token Reference:
* keyIdentifier
or
* x509IssuerSerial
the server looks for the keys in the keystore instead of the truststore.
In the case of:
* directReference (+default+)
the server looks for the key in the truststore.
I have veryfied this with some other guy, and i test this several times.
I know this might be not very important, but i would like your opinions if i should report a jira with the 'bug'.
I will try to look forward a solution for this.
--
The other thing i found is that when receiving x509IssuerSerial from SoapUI (i think it use some apache implementation, but nnot sure)
the IssuerName is send as:
CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano,*OU=STM,O=IMM,C=UY*
but what Jboss expected is:
CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano*, OU=STM, O=IMM, C=UY*
I tried to look for the standard to determine if the problem is from SoapUI or if Jboss should support receiving the IssuerName without spaces after comma but dont find nothing strictly talking about this.
Anyway im quite new to all this security stuff. I would like to hear an experienced voice.
Greetings.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/577213#577213]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101222/87ec117e/attachment.html
More information about the jboss-user
mailing list