[xmlsec] Including X509 cert chain in Signature

David Allen d.allen at qub.ac.uk
Sat Jan 12 15:53:11 PST 2008

Apologies if this is has already been dealt with - I'm a newbie so please be patient with me!

I have sucessfully signed (using the C API) a dynamic template using a key that was stored in the Windoze certificate store. The corresponding X.509 certificate has been included in the key info BUT the root CA certificate (a local self-signed one that is in the trusted root store on windoze) has NOT been included. xmlseca.exe (on the same machine) successfully verifies the signature.

Two questions,
1/ How do I force inclusion of the root certificate?
2/ Should the signature verify in the absence of the root certificate?

Many Thanks
David Allen

More information about the xmlsec mailing list