[xmlsec] Including X509 cert chain in Signature
David Allen
d.allen at qub.ac.uk
Sat Jan 12 15:53:11 PST 2008
Apologies if this is has already been dealt with - I'm a newbie so please be patient with me!
I have sucessfully signed (using the C API) a dynamic template using a key that was stored in the Windoze certificate store. The corresponding X.509 certificate has been included in the key info BUT the root CA certificate (a local self-signed one that is in the trusted root store on windoze) has NOT been included. xmlseca.exe (on the same machine) successfully verifies the signature.
Two questions,
1/ How do I force inclusion of the root certificate?
2/ Should the signature verify in the absence of the root certificate?
Many Thanks
David Allen
More information about the xmlsec
mailing list