1) Signature MUST check the validity of the certificate. Please check the spec. 2) You can easily download xmlsec library, compile it and either use xmlsec command line tool or setup exactly the same online verifier yourself. Aleksey