Tuesday, June 12, 2007

FAQ - OWSM 10.1.3 : What is the use of the certificate alias in the Verify Signature step

In OWSM 10.1.3.x, the Verify Signature step verifies the signature using the client certificate present as a Binary Security Token (BST) in the SOAP message. It doesn't use the certificate alias from the step configuration for signature verification.
The certificate alias from the step configuration is used for verifying the chain of the incoming certificate in the BST. The alias can point to any one of the following.

  • root certificate authority (CA) certificate
  • intermediate certificate authority (CA) certificate
  • "*" - The certificate chain is verified against all the trusted certs in the keystore. Any one of the trusted certs should match. This is particularly useful when you have requests coming from multiple clients that don't share the same intermediate or root CA certificate.
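
The two checks described above can be modelled in a few lines. This is an added example, not OWSM code: textbook RSA over small primes stands in for X.509 and XML signatures, the chain is a single level, and every name (`verify_step`, `anchors_for`, the aliases `ca-a` and `ca-b`) is made up for the illustration. It shows that a request signed with a certificate that only claims a trusted issuer still passes the signature check, and is rejected only by the chain check that the alias controls.

```python
import hashlib
from collections import namedtuple

# Toy model: textbook RSA over Mersenne primes stands in for X.509/XML-DSig.
Cert = namedtuple("Cert", "subject issuer pub sig")

def make_key(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1            # a, b must be Mersenne-prime exponents
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))   # (n, e, d)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, _, d = key
    return pow(_digest(data, n), d, n)

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def _tbs(subject, issuer, pub):
    return f"{subject}|{issuer}|{pub}".encode()

def issue(subject, subject_key, issuer, issuer_key):
    pub = subject_key[:2]
    return Cert(subject, issuer, pub, sign(_tbs(subject, issuer, pub), issuer_key))

def anchors_for(alias, keystore):
    # "*" selects every trusted cert in the keystore; otherwise one entry.
    return list(keystore.values()) if alias == "*" else [keystore[alias]]

def verify_step(body, body_sig, bst, alias, keystore):
    # 1) Message signature: checked with the key inside the BST cert only.
    sig_ok = verify(body, body_sig, bst.pub)
    # 2) Chain: the BST cert must be issued by a cert the alias selects.
    chain_ok = any(ca.subject == bst.issuer and
                   verify(_tbs(bst.subject, bst.issuer, bst.pub), bst.sig, ca.pub)
                   for ca in anchors_for(alias, keystore))
    return sig_ok, chain_ok

# Constructed sample data (names and keys are made up for the example).
KEYS = {"ca-a": make_key(61, 89), "ca-b": make_key(107, 127),
        "client": make_key(521, 607), "rogue": make_key(19, 31)}
KEYSTORE = {a: issue(a, KEYS[a], a, KEYS[a]) for a in ("ca-a", "ca-b")}
BODY = b"<soap:Body>constructed request</soap:Body>"
CLIENT = issue("client", KEYS["client"], "ca-a", KEYS["ca-a"])
ROGUE = issue("client", KEYS["rogue"], "ca-a", KEYS["rogue"])  # forged issuer name

def demo(cert, key_name, alias):
    return verify_step(BODY, sign(BODY, KEYS[key_name]), cert, alias, KEYSTORE)
```

`demo(cert, key_name, alias)` returns the pair `(signature_ok, chain_ok)`; a request should be accepted only when both are true.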