posted 15 years ago
Hi.
I have created a keystore in my webserver. In this keystore i putted:
1st - My own self signed certificate
keytool -genkey -alias vbvsign -keyalg RSA -keysize 1024 -keystore .keystoreCV -storepass vbvsignpass -storetype jks -dname "CN=172.29.145.110-172.29.145.119, OU=Development, O=SISP, L=Praia, ST=Praia, C=CV"
keytool -certreq -v -alias vbvsign -keystore .keystoreCV -storepass vbvsignpass -file vbvCSR.pem
2nd - CA Certificatekeytool -import -alias MPIclientCA -keystore .keystoreCV -trustcacerts -file pitroot.der
3rd - Client Certificate received by email
keytool -import -alias MPIclientCertificate -keystore .keystoreCV -trustcacerts -file
keytool -import -alias vbvsign -keystore .keystoreCV -trustcacerts -file MPIclient_certificate.der
When i received the last one (3rd), they also send a PKCS#7 certificate chain. Now, i need to validate a XML File, signed, and i dont know what or how can i validate that... Now, i am validating the three certificates (it looks well), but when validating the signature it return a validation error:
"javax.xml.crypto.dsig.XMLSignatureException: the keyselector did not find a validation key"
I think that possibly maybe i need to import or do something else with the PKCS#7 certificate chain that i received by email, but i dont know what to do...
Can you help me please!
Thanks a lot,
Cristovao