Problem verifying membership

Similar Messages

• Provide steps to send Root CA certificate to the Lync client, getting error" There was a problem verifying certificate from the server"

  Hi,
    I Build an Lync 2013 set up with FEpool, Director pool and Exchange server is integrated. I have windows 8 client machine, with Lync client installed. When I try to login to the lync client, I am getting error like"There was a problem verifying
  certificate from the server".
  When I installed ROOT CA cert  manually on client machine I am able to login to the lync client. similarly if I add my client machine in my domain, I am able to login to the Lync client.
  Now is there any other way to send the certificate automatically to the client machine (Which are NOT part of the DOMAIN) from the server, instead of manual installation process.
  Please help me troubleshoot this problem

  Agree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it.  In this situation, if there are a lot of non-domain joined machines
  a third party certificate is the way you need to go.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Lync 2010 Certificate Issue - "There was a problem verifying your certificate from the server"

  Greetings.
  My Issue:
  Lync 2010 client does not connect to server;error displayed "Cannot sign into Lync. There was a problem verifying the certificate from the server."
  Description:
  The client is running on my Windows 7 box, and my CA server is a Windows Server 2003 box. I have installed the hotfix on the Server 2003 box to update the Web Enrollment portion of CA to allow for newer clients (Vista and 7) to receive certificates from
  this server. 
  Lync server is running on Server 2008 R2 STD, installation was a success.
  The Windows 7 box is a part of the domain.
  I have manually exported the Root CA from my Enterprise CA server from
  Trusted Root Certification Authorities -> Certificates and imported into the same location on my Windows 7 box. 
  If I look at the certification path on the Root CA, on my Windows 7 box,  it says "The certificate is OK." The same goes for the servers involved. 
  Still nothing.
  I have read the other forum posts on here about people having success once they manually import the Root CA from the Enterprise CA server, but this is not my case here. 
  All certificates are successfully assigned on the Lync server box; however, I did have to manually import the Root CA into Lync server's
  Trusted Root Certification Authorities -> Certificates before I could successfully assign them. Had to do this on another deployment I completed, so I didn't think anything of it.
  To recap: it seems that even with my Root CA imported into my Windows 7 box I can still not connect to my Lync server with the client, and I get the error message "There was a problem verifying the certificate from the server."

  Solved
  Solution :  Export certificate from Lync Server Start > Administrative Tools > IIS > Server Certificate > Export >   abc.pfx   save it,  Copy and place the certificate where Ms Lync 2010 client is installed or getting certificate
  error.  Follow these steps on client machine to install certificate 
  Run > mmc > add or remove snap in > certificates > computer account > local computer >finish > ok > expand Certificate > Trusted Root Certification Authorities > Certificate > All task > Import > copy abc.pfx certificate
  and delete unnecessary certificate from there.
  Restart Client machine and open microsoft Lync client 2010 and open option menu > Personal > Advanced > choose Auto Configuration > save ok

• PPoint OWA there was a problem verifying the certificate

  Hi, I installed Lync 2013 FE, edge and ARR. Recently, with your help, I finally made it work for web based meetings. People have A/V/Whiteboard/ but they are unable to use Share screens and PPoint. 
  I read that I need Office Web Application Server in order to make PPoint work so I followed online tutorial and installed it. As a certificate I at first used self signed but later as I added owa as SAN, I exported it from edge server and imported it in
  OWA Server. I am not sure if this is the way to do that.
  Error for share screen is that it is due to the network issues,
  Error for PPoint is "There was a problem verifying the certificate". Remote user use web browser in order to access meeting, upload the file without any problem, and it says Loading ..... , on the other side I have domain machine with lync client
  that receives notification to accept meeting content, after which error appears.
  Any ideas? 

  Hi all and thanks for your reply. 
  I used this command to create farm (didn't define internal fqdn)
  New-OfficeWebAppsFarm -ExternalURL https://lynweb.domain.com -CertificateName "ExternalCert"
  Everything went smoothly, I can access 
  https://owa.domain.local/hosting/discovery (but cert is shown as unsecured since url is not the same as in cert (Lyncweb.domain.com).
  Because I have split DNS, in my DNS I created lyncweb for the domain.com CNAME entry and I can successfully open https://lyncweb.domain.com/hosting/discovery form LAN.
  I found several mistakes in my config (at least I think so):
  1. In LyncFE I had under discoveryURL domain.local path, so this is why cert error was showing. It was able to access but because of the different URLs name that didn't match certificate name, I was getting an ssl error. - I changed it to lyncweb.domain.com/.....
  2. I didn't have external DNS name for lyncweb.domain.com. In fiddler I saw that it is trying to access to this URL and since it wasn't defined- therefor not able to access. - I created A host record.
  3. Firewall, since lyncweb was defined in ARR I needed to craete FW rule to let access OWA Server. - I added FW rule.
  Current situation is this:
  -- When I access through meeting.domain.com/Lync Client and start PPoint, on the remote client (teleworker where I started PPoint) presentation pops up on teleworker, I can go through the slides, but inside the LAN (second participant) on Lync Client or
  via meet.domain.com I am just getting "Loading ...." and nothing appears. (I tried disabling Firewall but didn't help - so it is not about firewall, especially since OWA and LyncCLient are in the same subnet)
  -- On the other hand when teleworker starts presentation and guest joins (both outside LAN), both can see  presentation.
  I thought that it is because I didn't have internal URL, so I added
  -InternalURL: https://lyncweb.domain.com
  Now I have both internal and external URL that is the same. But it didn't change the situation.
  Any suggestions?

• I have problem " verify your emal "   i can't change account , i removed application and instell again , same problem fix email and " verify email"

  i have problem " verify your emal "   i can't change account , i removed application and instell again , same problem fix email and " verify email"

  The Email ID provided here has CC registered to it in active status. The Email also stands verified. Are you using any other Email ID ?
  Let me know if you are facing issue regarding verification by activating the Cc with the email ID provided here.
  Regards
  Rajshree

• CA issue - Workstation signin "There was a problem verifying the certificate from the server"

  Hi,
  We have issues with all workstations on our domain. I just recently setup Lync 2013 server on a windows 2012 OS. When I went to test sign-in, I received a message "There was
  a problem verifying the certificate from the server". To fix this issue, I had to download the cert and import it into Trust Root Certification Authorities on the local workstation. This will be impossible if I have to do this for multiple machines.
  Is there a way around  this? Why is it asking to do this?
  Thanks guys, much appreciated.
  MM

  You can follow the instructions here to use Group Policy to install your root certificate to all your workstations.
  Or you could re-deploy your CA as an Enterprise CA.
  Hi Georg,
  Thank you for your reply.
  I did deploy my CA as an Enterprise CA..... Not sure why its still asking me to install on workstations?
  How can I confirm its an Enterprise CA?
  Thanks,
  MM

• HT5538 what if the phone is having a problem verifying email address for FaceTime?

  what if the phone is having a problem verifying email address for FaceTime?

  Hey miles r.
  Thanks for the question. I understand that you are experiencing issues with FaceTime. The following resources may provide a solution:
  iOS: Troubleshooting FaceTime and iMessage activation
  http://support.apple.com/kb/TS4268
  iOS: FaceTime or iMessage is "Unable to verify email because it is in use"
  http://support.apple.com/kb/ts3510
  Apple ID: Associating and verifying email addresses with your Apple ID
  http://support.apple.com/kb/HE68
  Thanks,
  Matt M.

• There was a problem verifying the certificate from the server

  i can not sign in to my lync server in client user and the error message is "There was a problem verifying the certificate from the server".
  i can sign in in my lync server by any account but i can not sign in in other pc clients.

  Hi,there,
  Just some additional info...
  Please go through the following old threads with the same error message
  http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/19d74620-9ea8-4f19-bc01-25387e4ee380/
  http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/7a973094-6cd1-4f3f-9af0-6d330a9b8428 
  http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/4034e791-6c3c-4c35-b936-bca734204fd4/ 
  Hope these helpful!
  B/R
  Sharon
  Sharon Shen
  TechNet Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

• Is Exercise 9 Linux-Compatible? Having problems verifying Derby DB.

  I'm setting up the server side of this exercise, and am
  having a problem verifying (via verify.cfm) the data source,
  however, the data source verifies successfully in the CF admin.
  Here's the error that verify.cfm throws:
  quote:
  Error Executing Database Query.
  The conglomerate (96) requested does not exist.
  The error occurred in
  /var/www/apps/wwwroot/ex9_CF/reservations/verify.cfm: line 1
  1 : <cfquery name="testdb" datasource="reservations">
  2 : SELECT *
  3 : FROM RESERVATIONS
  SQLSTATE XSAI2
  SQL SELECT * FROM RESERVATIONS WHERE 0=0
  VENDORERRORCODE 30000
  DATASOURCE reservations
  Resources:
  * Check the ColdFusion documentation to verify that you are
  using the correct syntax.
  * Search the Knowledge Base to find a solution to your
  problem.
  Browser Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3)
  Gecko/2008101315 Ubuntu/8.10 (intrepid) Firefox/3.0.3
  ColdFire/1.1.51.59
  Remote Address 127.0.0.1
  Referrer
  http://general.localhost/ex9_CF/reservations/
  Date/Time 10-Nov-08 04:09 PM
  Stack Trace
  at
  cfverify2ecfm564280480.runPage(/var/www/apps/wwwroot/ex9_CF/reservations/verify.cfm:1)
  at
  cfverify2ecfm564280480.runPage(/var/www/apps/wwwroot/ex9_CF/reservations/verify.cfm:1)
  java.sql.SQLException: The conglomerate (96) requested does
  not exist.
  at
  org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown
  Source)
  at
  org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown
  Source)
  at
  org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown
  Source)
  at
  org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown
  Source)
  at
  org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown
  Source)
  at
  org.apache.derby.impl.jdbc.ConnectionChild.handleException(Unknown
  Source)
  at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown
  Source)
  at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown
  Source)
  at
  coldfusion.server.j2ee.sql.JRunStatement.execute(JRunStatement.java:348)
  at
  coldfusion.sql.Executive.executeQuery(Executive.java:1220)
  at
  coldfusion.sql.Executive.executeQuery(Executive.java:1008)
  at coldfusion.sql.Executive.executeQuery(Executive.java:939)
  at coldfusion.sql.SqlImpl.execute(SqlImpl.java:325)
  at
  coldfusion.tagext.sql.QueryTag.executeQuery(QueryTag.java:831)
  at
  coldfusion.tagext.sql.QueryTag.doEndTag(QueryTag.java:521)
  at
  cfverify2ecfm564280480.runPage(/var/www/apps/wwwroot/ex9_CF/reservations/verify.cfm:1)
  at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
  at
  coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370)
  at
  coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
  at
  coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:279)
  at
  coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
  at
  coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
  at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
  at
  coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:27)
  at
  coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
  at
  coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
  at
  coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8)
  at
  coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
  at
  coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
  at
  coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
  at
  coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
  at coldfusion.CfmServlet.service(CfmServlet.java:175)
  at
  coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
  at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
  at
  coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 )
  at
  coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
  at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
  at jrun.servlet.FilterChain.service(FilterChain.java:101)
  at
  jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
  at
  jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
  at
  jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
  at
  jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
  at
  jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
  at
  jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
  at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
  Caused by: java.sql.SQLException: The conglomerate (96)
  requested does not exist.
  at
  org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown
  Source)
  at
  org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown
  Source)
  ... 45 more

  I re-copied the zip contents to my web root, and now it's
  working, for whatever reason.

• I have problem verifying payment method by my pre-paid visa credit card

  I have a problem verifying payment method by my pre-paid visa credit card ???

  Apple does not accept pre paid cards >  iTunes Store: Accepted forms of payment
  Purchase an iTunes gift card that you can redeem and use to purchase iTunes and App Store content.
  http://www.apple.com/itunes/gifts/?cid=wwa-us-kwg-music-itu

• Verify membership

  Hi, I get this message every day: "We are sorry - we can't connect to the Adobe Server right now. 07 days remaining. Just a reminder that we need to verify your membership is current. You can keep accessing Creative Cloud offline, but if you don't connect to the Adobe Server within the time displayed, your product will stop working..."
  Creative cloud is up to date.
  Could you please help me how to sort this problem?
  Thanks

  Please check if
  Sign in, activation, or connection errors | CS5.5 and later helps
  https://forums.adobe.com/thread/1242072?tstart=0
  Regards
  Rajshree

• While logon to lync it gives error " there was a problem verifying the certificate from the server "

  i already go through all threads related to my question. but not even one thread is satisfying my question  ok my problem is again the same it gives me error as i mentioned in title. client OS is XP. actually can somebody tell  me which certificate
  i should import in which name of certificate group.
  N ya why error has occur. help me 
  thanks in advance 
  jayesh rohit

  You'll want the CS root certificate in the trusted root certificate authorities area of the machine store (vs the user store).  If there are any subordinate CAs with intermediate certificates, put them in the intermediate certification authorities area. 
  Verify that the certificate has the correct SANs for you server.  Did you generate the certificate from the deployment wizard, did you check the box for the sip domains as you went through the wizard?  Is the certificate internally signed by your
  certificate authority?  Are you attempting to connect internally or externally when you see the issue? 
  Can you confirm that your SRV records for _sipinternaltls._tcp.domain.com have the correct port and hostname and that the hostname is also resolvable?  Can you do the same for _sip._tls.domain.com?
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Problem verifying xml signature

  We have a problem with verifying XML Signatures which are part of a SOAP message. Thanks a lot for helping! Hope my problem is understandable - otherwise ask.
  We use the following enviroment:
  Java6
  Axis 2 V1.2 with XML Beans
  Step 1:
  The Java 6 XML Signature is an enveloped signature over an element called payload with exclusive XML canonicalization. We sign the payload and send the payload including signature to the server. At first I discovered the following namespace problem.
  DigesterOutputstream Create Signature:
  FEINER: <Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp><Created>UNDO</Created></Timestamp></Payload>
  DigesterOutput Verify Signature:
  FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
  31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
  FEIN: Expected digest: 71PfJ/xxn38TtQrpZOpRdqTZsBw=
  31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
  FEIN: Actual digest: B1Qdei/0yW1mqR2T50LXKFfxhl0=
  Soap request with payload:
  <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>71PfJ/xxn38TtQrpZOpRdqTZsBw=</DigestValue></Reference></SignedInfo><SignatureValue>FuhOdrz9kHR0MeAUq9Rxkg6w++7foR77s9AYQUQxb8qPJ44Ba6By8R/H+CCn5JP5cPFz8/mGOgOD NGKLgZp66xbVSWe1UeehmZLH1a2kvHsx/VvYo3Lr5foHsl6YikUBMXCBdhI4ukKJTuwBOK/7m3lu 7Zl07SFo0zWL73gUTxc=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>     
  The problem is the namespaces under the elements payload and timestamp. For verification the namespaces are inherited from parent element. I wonder why this happens - I thought this should not happen when using exclusive canonicalization, or?
  Step 2:
  Then I added the namespaces before creating the signature , e.g.
  payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
  for all attributes that are not part of the create signature log. Then the xml signature was verify successfully when I tested this against my own server. See log files:
  DigesterOutputstream for create signature:
  31.10.2007 11:16:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
  FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
  DigesterOutputstream verify signature:
  31.10.2007 11:19:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
  FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
  The whole soap request:
  <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-3596382">MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIGA1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGluZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBLbmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayvHO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2qxJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vaiZst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6fMqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupivlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8331318"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-28000914"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Q2LregRFO//cXlkcThu9Bx0jal4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-10464309"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>BX651XEWk4u4pGgshQhocYxPkSo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-7651652"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>ezisLn/pGWNqMHbT6UlHyM4Ez64=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Xl4SSEwrtyUnsqf8xOmfzojLLU18tOrikOhK+HRyqHqv0lPF+AqANLU6yygNdhbfI5qyef9BLr6I CmSPIX4QQR+Hq45l/Ewa+M2K1OOjqvBUGYyQqrKCqUFtsISr9xPudB8ZmaVfaUu5chjIvy/sPYYx TuYv2Ma6uEwek1YZpbE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1823783"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-17125267"><wsse:Reference URI="#CertId-3596382" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-7651652"><wsu:Created>2007-10-31T10:16:00.474Z</wsu:Created><wsu:Expires>2007-10-31T10:21:00.474Z</wsu:Expires></wsu:Timestamp></wsse:Security><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-10464309"><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-28000914"><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XHIiHK4NYczByvAJSZH8u3hSvuQ=</DigestValue></Reference></SignedInfo><SignatureValue>JQnTQJ1TidrMuWmSmpHE3ZR5M728A3tlvKjrM3GxFPuy5YOmmybxR0T7xe72WSdWsqvFT9QGE+iP GL5POuc3s8lLc1QGZRKhZvjHAKFldDNyxAMWRL7ZXmhpjsRXT3HethKWew3669SKjJFkZ1IYEnZz QrJOmgt1MMjWx99CgaQ=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
  As you can see in the soap request on top of the xml signature there is a Webservice Security signature (WSSE) over three elements. This should be no problem altough WSSE adds the wsu:id attribute to the body element. WSSE was omitted in step 1 for simplicity.
  I wonder that the attributes which have been set to the payloadElement are not part of the actual message. But it works!
  Step 3:
  The same request was sent to an external webservice server and the server reports a xml signature verification problem. I don't have any logs or further information. But I have to get this to work against this server.
  Java Files for Create + Verify Signature. For Create I get a DOM Node from a XML Bean. For step 1 the attribute setting should be in comments. I use VerifySignature for step 1 + 2.
  SignPayload.java:
  package de.tk.signature;
  import java.io.ByteArrayOutputStream;
  import java.io.FileInputStream;
  import java.io.FileOutputStream;
  import java.io.OutputStream;
  import java.security.KeyStore;
  import java.security.cert.X509Certificate;
  import java.util.ArrayList;
  import java.util.Collections;
  import java.util.List;
  import javax.xml.crypto.dsig.CanonicalizationMethod;
  import javax.xml.crypto.dsig.DigestMethod;
  import javax.xml.crypto.dsig.Reference;
  import javax.xml.crypto.dsig.SignatureMethod;
  import javax.xml.crypto.dsig.SignedInfo;
  import javax.xml.crypto.dsig.Transform;
  import javax.xml.crypto.dsig.XMLSignature;
  import javax.xml.crypto.dsig.XMLSignatureFactory;
  import javax.xml.crypto.dsig.dom.DOMSignContext;
  import javax.xml.crypto.dsig.keyinfo.KeyInfo;
  import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
  import javax.xml.crypto.dsig.keyinfo.X509Data;
  import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
  import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
  import javax.xml.crypto.dsig.spec.TransformParameterSpec;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.transform.OutputKeys;
  import javax.xml.transform.Transformer;
  import javax.xml.transform.TransformerFactory;
  import javax.xml.transform.dom.DOMSource;
  import javax.xml.transform.stream.StreamResult;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  import org.w3c.dom.NamedNodeMap;
  import org.w3c.dom.Node;
  import org.apache.xmlbeans.XmlObject;
  import de.tk.schemaTools.TkSchemaHandler;
  import de.tk.util.ClientProperties;
  public class SignPayload {
       public static void signDocument(XmlObject telematikExecuteXmlObject, String payloadId) {
            try {
                 // get Document
                 org.w3c.dom.Node node = telematikExecuteXmlObject.getDomNode();
                 Document documentTo = node.getOwnerDocument();
                 XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
                 Reference ref = fac.newReference("#"+payloadId, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac
                           .newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
                 // Create the SignedInfo.
                 SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                           Collections.singletonList(ref));
                 KeyStore keyStore = KeyStore.getInstance("JKS");
                 String keyStoreFilename = ClientProperties.getKeystorefile();
                 FileInputStream keyStoreFile = new FileInputStream(keyStoreFilename);
                 keyStore.load(keyStoreFile, "storePwd".toCharArray());
                 keyStoreFile.close();
                 KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("harris", new KeyStore.PasswordProtection("keyPwd".toCharArray()));
                 X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
                 // Create the KeyInfo containing the X509Data.
                 KeyInfoFactory kif = fac.getKeyInfoFactory();
                 List x509Content = new ArrayList();
                 x509Content.add(cert.getSubjectX500Principal().getName());
                 x509Content.add(cert);
                 X509Data xd = kif.newX509Data(x509Content);
                 KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
                 Node payloadNode = new TkSchemaHandler().getNode(documentTo, "Payload");
                 String prefix = payloadNode.getPrefix();
                 NamedNodeMap nameNodeMap = payloadNode.getAttributes();
                 // String baseUri = payloadNode.getBaseURI(); not implemented
                 boolean attributes = payloadNode.hasAttributes();
                 Element payloadElement = (Element) payloadNode;
                 //xmlns is the prefix and first parameter the namespaceURI
                 // xmlns existiert ohne WSSE, beim Create XMLOutputter ausgegeben
                 payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
                 // existiert ohne WSSE
                 // bei Create nicht; aber bei Verify im DigestOutputter mit drin
                 payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
                 // existiert nur bei WSSE
                 payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                 Node timestampNode = new TkSchemaHandler().getNode(documentTo, "Timestamp");
                 Element timestampElement = (Element) timestampNode;
                 // existiert ohne WSSE
                 // beim Create Outputter angegeben sowie beim Verify
                 timestampElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                 // existiert nur bei WSSE, war wohl nur notwendig da bei WSSE Signature auf falschen Timestamp zugegriffen worden ist.
                 // Create a DOMSignContext and specify the RSA PrivateKey and
                 // location of the resulting XMLSignature's parent element.
                 DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),payloadNode);
                 // Create the XMLSignature, but don't sign it yet.
                 XMLSignature signature = fac.newXMLSignature(si, ki);
                 // DomInfo.visualize(document);
                 SAXBuilderDemo2.print(documentTo);
                 // Marshal, generate, and sign the enveloped signature.
                 signature.sign(dsc);
            } catch (Exception exc) {
                 throw new RuntimeException(exc.getMessage());
  VerifySignature.java:
  import java.io.FileInputStream;
  import java.io.FileOutputStream;
  import java.io.OutputStream;
  import java.security.Key;
  import java.security.KeyStore;
  import java.security.cert.X509Certificate;
  import java.util.ArrayList;
  import java.util.Collections;
  import java.util.Enumeration;
  import java.util.Iterator;
  import java.util.List;
  import javax.xml.crypto.dsig.CanonicalizationMethod;
  import javax.xml.crypto.dsig.DigestMethod;
  import javax.xml.crypto.dsig.Reference;
  import javax.xml.crypto.dsig.SignatureMethod;
  import javax.xml.crypto.dsig.SignedInfo;
  import javax.xml.crypto.dsig.Transform;
  import javax.xml.crypto.dsig.XMLSignature;
  import javax.xml.crypto.dsig.XMLSignatureFactory;
  import javax.xml.crypto.dsig.dom.DOMSignContext;
  import javax.xml.crypto.dsig.dom.DOMValidateContext;
  import javax.xml.crypto.dsig.keyinfo.KeyInfo;
  import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
  import javax.xml.crypto.dsig.keyinfo.X509Data;
  import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
  import javax.xml.crypto.dsig.spec.TransformParameterSpec;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.transform.Transformer;
  import javax.xml.transform.TransformerFactory;
  import javax.xml.transform.dom.DOMSource;
  import javax.xml.transform.stream.StreamResult;
  import org.w3c.dom.Document;
  import org.w3c.dom.Node;
  import org.w3c.dom.NodeList;
  public class VerifySignature {
       * @param args
       public static void main(String[] args) {
            // TODO Auto-generated method stub
            try {
                 String filename = args[0];
                 System.out.println("Verify Document: " + filename);
                 XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
                 DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
                 dbf.setNamespaceAware(true);
                 Document doc = dbf
                 .newDocumentBuilder()
                 .parse(
                           new FileInputStream(filename));
  //               Find Signature element.
  //               NodeList nl =
  //               doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
                 Node node = TkSchemaHandler.getNode(doc,"/*[local-name()='Envelope' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/']/*[local-name()='Body' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'][1]/*[local-name()='TelematikExecute' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Payload' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#'][1]");
                 if (nl.getLength() == 0) {
                 throw new Exception("Cannot find Signature element");
                 Node node = nl.item(0); */
  //               Create a DOMValidateContext and specify a KeySelector
  //               and document context.
                 DOMValidateContext valContext = new DOMValidateContext
                 (new X509KeySelector(), node);
  //               Unmarshal the XMLSignature.
                 XMLSignature signature = fac.unmarshalXMLSignature(valContext);
  //               Validate the XMLSignature.
                 boolean coreValidity = signature.validate(valContext);
                 // sample 6
  //               Check core validation status.
                 if (coreValidity == false) {
                 System.err.println("Signature failed core validation");
                 boolean sv = signature.getSignatureValue().validate(valContext);
                 System.out.println("signature validation status: " + sv);
                 if (sv == false) {
                 // Check the validation status of each Reference.
                 Iterator i = signature.getSignedInfo().getReferences().iterator();
                 for (int j=0; i.hasNext(); j++) {
                 boolean refValid = ((Reference) i.next()).validate(valContext);
                 System.out.println("ref["+j+"] validity status: " + refValid);
                 } else {
                 System.out.println("OK! Signature passed core validation!");
            } catch (Exception exc) {
                 exc.printStackTrace();
  Questions:
  1. Do I really have to set all the namespace attributes? I thought with exclusive xml this should not be necessary. Is there any other solution?
  2. Do you think I got all the settings right in SignPayload.java?
  Thanks a lot in advance.
  Cheers !
  Nils

  It seems to be a bug with the JDK you are using. What is the JDK version you are using?

• Problem verifying iCloud set up.

  I am having problem setting up icloud.  The set up procedure states I should receive an email with instructions on how to verify the account.  I have not received the email.  I tried setting up 3 times.  No email each time.  How do I verify my account?

  I have had the same problem.  I recieved a replacement phone and when I went to set it up the it repeatedly said I was having a "server issue" so I skipped it.  Now I can't set it up.  I says to check my email account to set it up and nothing is there. no way to verify it.

• Problem verifying if a given URL exists

  Hi,
  I have migrated from Java 1.2.2 to 1.3 (Windows NT version), and a big problem has arosen.
  I used to verify if a given URL existed with this piece of code:
  try {
  URL url = new URL(path);
  url.openStream();
  } catch (Exceptions ....) {}
  But right now, I get sometimes a "FileNotFoundException" when the file DOES EXIST.
  Is this possible? It only occurs sometimes. Why?
  I also tried this, but this piece of code never throws an exception:
  URLConnection conn = url.openConnection();
  conn.connect();
  Thanks.

  I had the same problem and solved it with this:
    public boolean exists(URL url) {
    try {
      HttpURLConnection con = (HttpURLConnection)url.openConnection();
      con.connect();
      int responseCode = con.getResponseCode();
      con.disconnect();
      return responseCode == HttpURLConnection.HTTP_NOT_FOUND;
    catch (IOException e) {
      e.printStackTrace();
      return false;
    }The code comes from these threads:
  http://forum.java.sun.com/thread.jsp?forum=31&thread=206582
  http://forum.java.sun.com/thread.jsp?forum=31&thread=249739