EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Advanced XML Signer. Xades-A level

Posted: 12/09/2015 12:44:14
by Manuel Muñoz (Basic support level)
Joined: 12/09/2015
Posts: 2

Hi, I have navigate across the forum and I couldn't see a relationed topic, but I suspect it has to be something like that, if that's true, redirect me therre please. Otherwise:

I have tried to use the advanced XML Signer, to get a Xades A level signature, but I can't do it. I have a p12 certificate, a TSA url, the file to sign.

I don't introduce nothing on Reference Data Form.

On Xades options, I fill the production Place, the claimed roles and the TSA url. I don't add any additional certificate and any Policy Id.

After that, I check Include key and Include Key Value, and I use Key_/certificate from file (the p12 one I mentioned).

Finally, I press Sign button and got: Failed to sign data and to save the signature. Collected validation information is not complete.

So, what am I doing wrong? Have I missed some data? Which data?

Posted: 12/09/2015 14:42:12
by Dmytro Bogatskyy (Team)

Thank you for contacting us,

Finally, I press Sign button and got: Failed to sign data and to save the signature. Collected validation information is not complete.

This error could occur if the components fails to automatically collect revocation info for XAdES-C or XAdES-X-L form and if TElXAdESSigner.IgnoreChainValidationErrors property set to false.
You may disable this check by enabling IgnoreChainValidationErrors property, please see: http://info.eldos.com/documentation/s...rrors.html

Automatic revocation info collection could fail for the several reason, for example: CA certificate not trusted, or the component fails to obtain CRL and/or OCSP responses.
You can get extended log by handling TElXAdESSigner.OnAfterCertificateValidate event and reading CertValidator.InternalLogger.Log property.

Also, the TElXAdESSigner component can add revocation info in the manual mode. To do this you would need to create XAdES-T form and then upgrade it to a higher form. Please check the following article: https://www.eldos.com/security/article...p?page=all

So, what am I doing wrong?

So at first, please try to create XAdES-T form using Advanced Signer sample, and then extend/upgrade to a higher XAdES form. By doing this, you will have the possibility to set IgnoreChainValidationErrors property or provide additional certificates and/or revocation info.



Topic viewed 1598 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!