Certificate issues with WSE/JWSDP WS-Security article

A few people have asked me about using their own X.509 certificates after reading the WSE/JWSDP WS-Security article on the MSDN Interop Home page. It appears that although the supplied sample certificates work just great, things can go bad when you try to use your own.

After chatting with the folks at Sun, it appears that JWSDP 1.4 has a limitation: it works only with X.509 v3 certificates that have a subject key identifier extension. If the certificate doesn’t have a subject key identifier extension, it can’t be used to sign or encrypt any messages from the JWSDP service.
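
A way to check a certificate against this limitation before deploying it, as an added example that is not part of the original article or of WSE/JWSDP: a standard-library Python DER walk that reports the certificate version and whether the subject key identifier extension (OID 2.5.29.14) is present. The function names are illustrative, and the sample certificates are constructed, unsigned skeletons used only to exercise the check.

```python
# Added example (not from the article); all function names are illustrative.
SKI_OID = bytes.fromhex("551d0e")  # DER content bytes of OID 2.5.29.14

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def check_cert(der):
    """Return (version, has_ski) for a DER-encoded X.509 certificate."""
    tbs = read_tlv(read_tlv(der)[1])[1]   # Certificate -> tbsCertificate
    version, has_ski = 1, False           # version defaults to v1 when absent
    for tag, value in children(tbs):
        if tag == 0xA0:                   # [0] EXPLICIT version INTEGER
            version = read_tlv(value)[1][0] + 1
        elif tag == 0xA3:                 # [3] EXPLICIT extensions
            for _, ext in children(read_tlv(value)[1]):
                ext_tag, oid, _ = read_tlv(ext)
                if ext_tag == 0x06 and oid == SKI_OID:
                    has_ski = True
    return version, has_ski

def usable_with_jwsdp14(der):
    return check_cert(der) == (3, True)   # v3 with SKI, per the JWSDP 1.4 limitation

def tlv(tag, body=b""):
    """Encode one DER element; only used to build the constructed samples."""
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body

def sample_cert(with_ski):
    """Constructed, unsigned v3 skeleton; placeholder fields are left empty."""
    exts = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x04, tlv(0x30)))
    if with_ski:
        exts += tlv(0x30, tlv(0x06, SKI_OID) + tlv(0x04, tlv(0x04, bytes(20))))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 5
    tbs += tlv(0xA3, tlv(0x30, exts))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00"))
```

To check a real certificate, pass its DER bytes to `usable_with_jwsdp14`; a PEM file can be converted first with `ssl.PEM_cert_to_DER_cert` from the standard library.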

I’m not sure whether this is fixed in JWSDP 1.5. I plan to test this in the next couple of weeks, unless anyone has tried this already (then please let me know!).