From: Patrick Y. <kc...@ce...> - 2005-08-02 03:04:59
Basically, you will need two pairs of keys. One for the sender and one for the receiver. Let's say they are named pkey_sender.p12 and pkey_receiver.p12. You need to put the name of the keystore under the AckSign properties; your example is correct in specifying this.

Next, you need to import the public cert of the issuing CA to both Hermes. You need to import the .crt file to a keystore, typically in JKS or PKCS format. And then specify the file name of the keystore in the TrustedAnchor. Please do not specify the .crt file directly.

Hope this helps.

Regards,
Patrick Yee
Center for E-Commerce Infrastructure Development
Making E-Commerce Everyday Commerce

em...@og... wrote:

> Grateful if anyone successfully configuring Hermes to adopt the
> digital signature could share the experience.
>
> When I performed a demo using MSH Monitor, the "Cannot receive
> acknowledgement" error message was logged in Error History after a
> message was sent with the "Require Signed Acknowledgement" selected.
> When I sent a message with appropriate information specified in the
> "Digital Signature" section in the MSH Monitor, no result/error
> message was received in Send/Receive/Error History.
>
> The private key used for signing the message itself or its
> acknowledgement is named "pkey.p12" while the certificate of the
> issuing CA was "SubCA.crt".
>
> <DigitalSignature> in msh.properties.xml for both the sending Hermes
> and receiving Hermes was configured as follows:
>
> <DigitalSignature>
>   <TrustedAnchor>
>     <KeyStore>
>       <Path>/hermes</Path>
>       <File>SubCA.crt</File>
>       <Password></Password>
>     </KeyStore>
>   </TrustedAnchor>
>   <AckSign>
>     <KeyStore>
>       <Path>/hermes</Path>
>       <File>pkey.p12</File>
>       <Algorithm>dsa-sha1</Algorithm>
>       <Alias>ackkey</Alias>
>       <Password>XXXXXXXXXXXXXXX</Password>
>     </KeyStore>
>   </AckSign>
> </DigitalSignature>
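
A small check for the misconfiguration discussed in this thread (a TrustedAnchor that names a bare .crt instead of a keystore), added here as an example; it is not part of the original messages and is not Hermes code. The extension lists and the file name trusted.jks are assumptions.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# Assumed extension lists (not from the thread or from Hermes documentation).
RAW_CERT_EXT = {".crt", ".cer", ".pem", ".der"}
KEYSTORE_EXT = {".jks", ".p12", ".pfx", ".keystore"}

# Constructed sample: the <DigitalSignature> section quoted in the thread,
# with the password replaced by a placeholder.
AS_POSTED = """
<DigitalSignature>
  <TrustedAnchor><KeyStore>
    <Path>/hermes</Path><File>SubCA.crt</File><Password></Password>
  </KeyStore></TrustedAnchor>
  <AckSign><KeyStore>
    <Path>/hermes</Path><File>pkey.p12</File>
    <Algorithm>dsa-sha1</Algorithm><Alias>ackkey</Alias>
    <Password>PLACEHOLDER</Password>
  </KeyStore></AckSign>
</DigitalSignature>
"""

# Same section after the CA cert has been imported into a keystore;
# "trusted.jks" is a hypothetical file name.
AS_ADVISED = AS_POSTED.replace("SubCA.crt", "trusted.jks")


def check_digital_signature(xml_text):
    """Return a list of findings for the TrustedAnchor and AckSign keystores."""
    root = ET.fromstring(xml_text)
    ds = root if root.tag == "DigitalSignature" else root.find(".//DigitalSignature")
    if ds is None:
        return ["no <DigitalSignature> section found"]
    findings = []
    for section in ("TrustedAnchor", "AckSign"):
        keystore = ds.find(f"{section}/KeyStore")
        if keystore is None:
            findings.append(f"{section}: missing <KeyStore>")
            continue
        name = (keystore.findtext("File") or "").strip()
        ext = PurePosixPath(name).suffix.lower()
        if ext in RAW_CERT_EXT:
            findings.append(f"{section}: {name} is a bare certificate, not a keystore")
        elif ext not in KEYSTORE_EXT:
            findings.append(f"{section}: {name!r} does not look like a keystore file")
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(label, "->", check_digital_signature(text) or "no findings")
```

The check looks only at file names, so a keystore saved under an unusual extension is reported as a finding to review by hand.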