I have been trying to get this module to work, but not succeeded. This is wrong forum, because my problem is not in this module but in xmlsec1 configuration in my server, but I hope you can gime some advice what to do.

Command "/usr/local/bin/xmlsec1 sign --privkey-pem /var/www/sec-keys/dsaprivkey.pem --pubkey-der /var/www/sec-keys/dsapubkey.der --output /var/tmp/SIGNED_xxxxxx /var/tmp/TO_SIGN_xxxxxx" causes this kind of error message:

func=xmlSecOpenSSLX509StoreInitialize:file=x509vfy.c:line=651:obj=x509-store:subj=X509_LOOKUP_add_dir:error=4:crypto library function failed:
func=xmlSecKeyDataStoreCreate:file=keysdata.c:line=1328:obj=x509-store:subj=id->initialize:error=1:xmlsec library function failed:
func=xmlSecOpenSSLKeysMngrInit:file=crypto.c:line=313:obj=unknown:subj=xmlSecKeyDataStoreCreate:error=1:xmlsec library function failed:xmlSecOpenSSLX509StoreId
func=xmlSecOpenSSLAppDefaultKeysMngrInit:file=app.c:line=1270:obj=unknown:subj=xmlSecOpenSSLKeysMngrInit:error=1:xmlsec library function failed:
Error: failed to initialize keys manager.
Error: keys manager creation failed

System is Fedora Core 4 and I have installed libxml2, libxslt and openssl. And the keys were created exactly by the instructions in Google's help page.

Comments

pahariwalla’s picture

pahariwalla commented

Having the same issue and wondering if you've got a solution.

Thanks

Raj

gm.outside’s picture

gm.outside commented
Status: Active » Closed (fixed)

Use "SSL_CERT_DIR=/dev/null xmlsec1 ..." to avoid this error. You may set SSL_CERT_DIR to a directory where the trusted certificate bundle is located, but it's optional unless you want to use other functionality of xmlsec1 where it has to verify the validity of certificates.

Hope this helps :).

pahariwalla’s picture

pahariwalla commented

GM - you are good and fast, heh heh. I was going to come back here and post how yo solved my problem and you already have ! Thanks again. Rajinder