MustUnderstand headers are not understood

Dec 5, 2014 at 8:30 PM
Working with the IPAWSTester, I was receiving "SecurityVersion.WSSecurityJan2004 does not support header encryption."

Resolved this by setting messageSecurityVersion to "WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"

I am now receiving: MustUnderstand headers:[{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}EncryptedHeader] are not understood.

Any help on this issue would be appreciated.

Thanks
Coordinator
Dec 29, 2014 at 3:09 PM
Hi Vanyon,

A couple of questions. What version of the IPAWSTester and IPAWSProxyLib are you using? Was this working previously for you or is this new?

IPAWS made a change in v03.05 (I believe) that requires mutual certificate authentication. If you haven't already, you will need to get a copy of their server cert. See instructions below.

Sorry for the delay.

Brian Wilkins


Fetching the IPAWS Server Cert and Importing into the Windows Certstore

Navigate to the IPAWS server in Chrome. IE doesn’t work for this for some reason. Click on the lock next to the address and click Certificate Information in the Connection tab. This will open the certificate information

Copy the certificate to a file using the default options.

Open the certificate manager. Windows Key + r. Type in certmgr.msc and hit enter.

Click on View Options… Check Physical certificate stores. Close the dialog.

Open the Trusted Publishers folder in the sidebar. Right click on Local Computer and choose All Tasks  Import…
In the resulting dialog choose the cert file. Continute with the default options for importing.

The certificate should now show up in the Trusted Publishers\Local Computer\Certificates folder.