I'm calling a third-party Web Service with SOAP requests. This service requires me to sign my SOAP requests digitally. Following the "How to buy a X.509 certificate for signing digital payloads" question, I bought an Email Signing Certificate from Entrust.
I got the private key from Entrust in .p12 format. I used Windows Certificate Manager to extract the public key from it. I delivered this public key to my Web Service provider. I could not use the private key directly in .p12 format in my program, so I used openssl to convert it to .pem format. Strictly speaking, I used this kind of command: openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes.
I use the converted private key, public key and passphrase to create a signature for my SOAP request's header; however, the service gives me the error "Security token failed to validate" when I send the request. I can't see any specific error, as I can only see certificate data in the error.
Is there something I'm doing wrong?
EDIT: Maybe the problem is related to my certificate. I found that my certificate's hashing algorithm is SHA-256, although my SOAP client, as well as the third-party service provider, only supports SHA-1.
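A way to check the conversion step described in the question, as an added example that is not part of the original post: it confirms that the key extracted with `openssl pkcs12 ... -nocerts -nodes` pairs with the certificate from the same .p12, and reads the certificate's signature algorithm. The .p12 is a constructed self-signed stand-in, and the passphrase, the file names other than those in the question, and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The .p12 here is a constructed, self-signed stand-in for the
# CA-issued file; the passphrase and all file names are hypothetical.
set -eu
work=$(mktemp -d)
pass='constructed-passphrase'

make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 1 \
        -subj '/CN=constructed-signer' \
        -keyout "$work/orig.key" -out "$work/orig.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$work/orig.key" -in "$work/orig.crt" \
        -passout "pass:$pass" -out "$work/path.p12"
}

# The conversion from the question, plus a second pass for the certificate.
extract_pem() {
    openssl pkcs12 -in "$work/path.p12" -passin "pass:$pass" \
        -nocerts -nodes -out "$work/newfile.key.pem" 2>/dev/null
    openssl pkcs12 -in "$work/path.p12" -passin "pass:$pass" \
        -clcerts -nokeys -out "$work/newfile.crt.pem" 2>/dev/null
}

# SHA-256 fingerprint of the public key derived from a private key file.
key_pub_fp() {
    openssl pkey -in "$1" -pubout | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 fingerprint of the public key embedded in a certificate file.
cert_pub_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Algorithm the issuer used to sign the certificate itself.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

make_sample_p12
extract_pem
if [ "$(key_pub_fp "$work/newfile.key.pem")" = "$(cert_pub_fp "$work/newfile.crt.pem")" ]; then
    echo "private key matches certificate"
else
    echo "private key does NOT match certificate"
fi
echo "certificate signature algorithm: $(cert_sig_alg "$work/newfile.crt.pem")"
```

`-nodes` writes the private key unencrypted, so the output belongs in a directory only the owner can read, as the `mktemp -d` directory is here.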