Re: How does WSE2 search for private key given X509 certificate?

From: Bo Yan (bo.yan_at_csiro.au)
Date: 10/29/04

    Date: Thu, 28 Oct 2004 19:36:18 -0700
    
    

    Thanks once again for the very quick reply, but your answer raised another
    question.
    After I deleted the x509 certificate with private key from the cert store,
    when calling the WSE2 soap server using a WSE2 client (so
    X509SubjectKeyIdentifier is used), the error message is "<faultstring>
    Microsoft.Web.Services2.Security.SecurityFault: Referenced security token
    could not be retrieved", which is in my expectation.
    But when the jwsdp client is used (i.e. the x509 cert embedded), the error usage
    is "System.InvalidOperationException: Private Key is not available".
    Why does WSE give such an error message even though it cannot find the x509 cert in
    the cert store? No one will expect it to find the private key from the coming
    soap header. What makes the error messages so different for the two incoming
    requests?

    Thanks and cheers,
    Bo

    "Softwaremaker" <msdn@removethis.softwaremaker.net> wrote in
    news:ejKBRmVvEHA.3200@TK2MSFTNGP14.phx.gbl:

    >
    > "Bo Yan" <bo.yan@csiro.au> wrote in message
    > news:#pEfaGUvEHA.3200@TK2MSFTNGP14.phx.gbl...
    >> Dear hth,
    >> Thank you for your reply. Let me make my question more clear.
    >> There is NO Private Key in the soap request. JWSDP1.4 (the client) does
    >> send the X509 certificate to the soap server, including the public key
    >> of the server, with which to encrypt its request message.
    >> To verify the correctness of the embedded x509 cert, I copied the
    >> embedded BinarySecurityToken to a C# application, created an instance
    >> of Microsoft.Web.Services2.Security.X509.X509Certificate successfully
    >> with WSE2 API. The X509SubjectKeyIdentifier is exactly the one in the
    >> cert store with a private key. Actually, the x509 cert attached in my
    >> original question is just the X509 Certificate of
    >> WSE2QuickStartServer. My question is, will WSE2 go to certificate
    >> store to search for the x509 cert and private key in it if there is
    >> the same certificate already in the coming soap request only with a
    >> public key?
    >
    > [Softwaremaker] Yes, WSE2 does set to look for the corresponding
    > PrivateKey pair of the same certificate in the specified keyStore,
    > provided you tell it to look for it in the right place via the config
    > file.
    >

