Re: why does WSE fail in trusting certificate chain?


From: nealboy (nealboyzdn_at_hotmail.com)
Date: 12/02/04


Date: Thu, 2 Dec 2004 10:29:41 +0800

Dan Rogers

   Thanks for your reply.
   It seems that the CA I use should have a certificate issued by another
trusted root CA, as you suggest.
   But can I import the test CA root on my computer as a Trusted Root
Certification Authority to solve this problem? In the Win32 development
environment, for example when using CAPICOM, I just do it this way and it
is OK.
   I also use a certificate issued by a commercial CA (the certificate is
free and for testing use) and the same problem occurs there too.
                                                            zhang

"Dan Rogers" <danro@microsoft.com> wrote in message
news:jHq4VqA2EHA.768@cpmsftngxa10.phx.gbl...
> Hi Nealboy,
>
> It sounds like you are using a test root to create certificates? Is this
> correct? In short, if the trust chain in a certificate that is received
> has an entry from an untrusted root, you really can't use it across
> machines. Each machine has a certificate store that includes the root
> authority credentials for each trusted root. In a test root, there is no
> trusted root (it's the local machine).
>
> You really need to use a certificate server that has a certificate issued
> by a trusted root certificate authority (you can create your own, of
> course, but nobody will recognize these by default).
>
> I hope this helps
>
> Dan Rogers
> Microsoft Corporation
>
> --------------------
> From: "nealboy" <nealboyzdn@hotmail.com>
> Subject: why does WSE fail in trusting certificate chain?
> Date: Wed, 1 Dec 2004 21:54:48 +0800
>
> Hi everyone:
> I just set up a Web Service using WSE. The client signs the SOAP
> message with an X509 certificate and the server verifies the signature in
> the SOAP message using WSE.
> But WSE fails in verifying the trust chain of the certificate after it
> received the SOAP message. It returns this error: the internal certificate
> chain error.
> I had already imported the CA certificate into the certificate store that
> WSE is configured to retrieve X.509 certificates from, as the documentation
> describes, and if the certificate used to sign is issued by an MS Windows
> CA based on localhost, verification of the trust chain is OK.
> Can anybody give me advice?
> Thanks
>
>
> nealboy
>
>
>
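
The trust-store point discussed in this thread, as an added example that is not code from either poster and does not use WSE itself: it builds a chain for the same certificate twice with .NET's X509Chain, once with the issuing test root merely available and once with it acting as a trust anchor, and prints the chain status flags each time. It assumes .NET 5 or later; the certificate names are constructed, and the custom trust store stands in for importing the root into the machine's Trusted Root Certification Authorities store.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Added example, not code from the thread. All certificate names are constructed.
class ChainTrustDemo
{
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Constructed self-signed test root CA.
        using RSA rootKey = RSA.Create(2048);
        var rootReq = new CertificateRequest("CN=Constructed Test Root CA", rootKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        rootReq.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));
        using X509Certificate2 root = rootReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));

        // Constructed signing certificate issued by that root.
        using RSA leafKey = RSA.Create(2048);
        var leafReq = new CertificateRequest("CN=Constructed SOAP Signer", leafKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        leafReq.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        using X509Certificate2 leaf = leafReq.Create(
            root, now.AddHours(-1), now.AddDays(7), new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 });

        Report("root present but not trusted", leaf, root, trustRoot: false);
        Report("root installed as trust anchor", leaf, root, trustRoot: true);
    }

    static void Report(string label, X509Certificate2 leaf, X509Certificate2 root, bool trustRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // test CA has no CRL
        if (trustRoot)
        {
            // Stands in for importing the root into Trusted Root Certification Authorities.
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(root);
        }
        else chain.ChainPolicy.ExtraStore.Add(root); // usable for path building only
        bool ok = chain.Build(leaf);
        Console.WriteLine($"{label}: chain valid = {ok}");
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine($"  {s.Status}: {s.StatusInformation?.Trim()}");
    }
}
```

Printing every entry of ChainStatus rather than only the boolean result is what separates an untrusted root from other chain failures such as an expired certificate or an unreachable revocation list.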


