I am using the Sign action to sign my SOAP messages. After signing the request, the action adds a tag like this:
<dsig:X509IssuerName>O="\C4\B0ntranet A.\C5\9E.", C=.., CN="\C4\B0ntranet A.\C5\9E."</dsig:X509IssuerName>
As you see, DataPower converts some characters to UTF-8 (hex) format (İ -> \C4\B0). Actually there is no problem with our Java clients, but one of our .NET clients is having trouble verifying the signature, and we think the .NET client is not able to resolve the IssuerName correctly because of the UTF-8 hex characters. So, can we add the IssuerName's information properly (without converting to UTF-8 hex) in the security header?
signing with X509IssuerSerial and UTF-8 hex problem
inestlerode 270001CUTT166 Posts ACCEPTED ANSWER
Re: signing with X509IssuerSerial and UTF-8 hex problem
2012-10-24T18:43:04Z in response to SystemAdmin
XML DSIG allows many different ways to identify the certificate of the message's signer. The two bad ones to use are X509SubjectName and X509IssuerSerial as they both involve distinguished names which means you will immediately end up in bad interop territory between different pieces of software (as you have noticed Java is ok but .NET is not).
I would suggest changing your configuration so that the certificate is identified using X509Certificate (where the certificate is inlined rather than the issuer DN and the serial) as this gets rid of all of the interop problems involving the string representation of DNs.
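As an added illustration (not code from this thread or from DataPower, Java or .NET): the `\C4\B0` form is the RFC 2253 backslash-hexpair escape of the UTF-8 bytes of İ, so the escaped and unescaped strings name the same issuer, yet a byte-for-byte string comparison treats them as different. This Python sketch decodes the escapes before comparing; the function names are hypothetical, the unescaped sample is constructed from the value quoted in the thread, and multi-valued RDNs (`+`) are not handled.

```python
HEX = b"0123456789abcdefABCDEF"

def unescape_value(value: str) -> str:
    """Decode RFC 2253-style quoting and backslash escapes in one attribute value."""
    v = value.strip()
    if len(v) >= 2 and v[0] == '"' and v[-1] == '"':
        v = v[1:-1]                      # drop surrounding quotation marks
    raw, out, i = v.encode("utf-8"), bytearray(), 0
    while i < len(raw):
        if raw[i:i + 1] == b"\\" and i + 1 < len(raw):
            pair = raw[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                out.append(int(pair, 16))    # \C4 -> byte 0xC4
                i += 3
            else:
                out.append(raw[i + 1])       # \, or \" -> literal character
                i += 2
        else:
            out.append(raw[i])
            i += 1
    return out.decode("utf-8")               # raises on invalid UTF-8

def split_rdns(dn: str) -> list:
    """Split a DN string on commas that are neither quoted nor escaped."""
    parts, cur, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def normalize_dn(dn: str) -> list:
    """Return [(ATTR, decoded value), ...] so two DN strings can be compared."""
    pairs = (rdn.partition("=") for rdn in split_rdns(dn))
    return [(attr.strip().upper(), unescape_value(val)) for attr, _, val in pairs]

# Issuer string as quoted in the question (the C value is elided there).
ESCAPED = r'O="\C4\B0ntranet A.\C5\9E.", C=.., CN="\C4\B0ntranet A.\C5\9E."'
# Constructed unescaped counterpart (\u0130 is İ, \u015e is Ş).
LITERAL = 'O="\u0130ntranet A.\u015e.", C=.., CN="\u0130ntranet A.\u015e."'
```

A verifier that looks up the signer by issuer name and serial would compare `normalize_dn()` results rather than the raw element text.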
SystemAdmin 110000D4XK6772 Posts ACCEPTED ANSWER
Re: signing with X509IssuerSerial and UTF-8 hex problem
2012-10-31T14:28:24Z in response to SystemAdmin
Thanks inestlerode for your answer. You might be right about IssuerName, but it is too late to change it. The system is live and this is our first .NET client. So I can't make a big change on our system.
I've tried to sign the same message with a Java application and it behaves the same with .NET. It doesn't change the issuerName (O="İntranet A.Ş."). So, there might be something to do this in the same way with DataPower. Am I right? Is there any conf. about this on DP?