[Question] Signing container with test certificate

Question

[Question] Signing container with test certificate

konstantinsp opened this issue 3 years ago · 4 comments

Hello,

Im trying to sign container with test certificate using digidoc-tool command:

.\digidoc-tool.exe create test.asice --file="test.pdf" --mime="application/octet-stream" --pkcs12="test.p12" --pin="test" --tsurl="http://demo.sk.ee/tsa/" --loglevel=4

and im getting this error
Could not find certificate issuer '**************************' in certificate store.

How can i add my test certificate to store?
or is there any parameter in command to bypass this?

Answer 1 · 2021-11-16T07:40:02.000Z

It depends of the certificate type. If it is issued by SK ID solutions there is option use test TSL lists.
https://github.com/open-eid/libdigidocpp/wiki/Using-test-TSL-lists.
If it is self issued you may need to create own TSL lists.
There is option also create only signature without validate. The signing certificate should have AIA extension and then point to correct issuer certifiate and OCSP URL

Answer 2 · 2021-11-16T07:58:11.000Z

It is a Swedbank Gateway Test certificate. as i can see it is issued by them.
Is there any guide on TSL list creation?

Answer 3 · 2022-01-11T12:45:10.000Z

' The signing certificate should have AIA extension and then point to correct issuer certifiate and OCSP URL
Seems like a2fea2d is not released
Can you build libdigidocpp from master or use github actions artifacts

.\digidoc-tool.exe create test.asice --file="test.pdf" --mime="application/octet-stream" --pkcs12="test.p12" --pin="test" --tsurl="http://demo.sk.ee/tsa/" --loglevel=4 --dontValidate

Answer 4 · 2022-02-04T11:16:57.000Z

Closing due inactivity, reopen if needed.