0 Replies Latest reply on Dec 22, 2010 10:10 AM by Federico Jorge

    Looking for keys in the wrong place

    Federico Jorge Newbie

      Hi, i found that when a client use X509 Certificate Token Reference:

      • keyIdentifier

                or

      • x509IssuerSerial

       

      the server looks for the keys in the keystore instead of the truststore.

      In the case of:

      • directReference (default)

      the server looks for the key in the truststore.

       

      I have veryfied this with some other guy, and i test this several times.

      I know this might be not very important, but i would like your opinions if i should report a jira with the 'bug'.

      I will try to look forward a solution for this.

       

      --

      The other thing i found is that when receiving x509IssuerSerial from SoapUI (i think it use some apache implementation, but nnot sure)

      the IssuerName is send as:

      CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano,OU=STM,O=IMM,C=UY

       

      but what Jboss expected is:

       

      CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano, OU=STM, O=IMM, C=UY

       

      I tried to look for the standard to determine if the problem is from SoapUI or if Jboss should support receiving the IssuerName without spaces after comma but dont find nothing strictly talking about this.

      Anyway im quite new to all this security stuff. I would like to hear an experienced voice.

       

      Greetings.