[xmlsec] Including X509 cert chain in Signature

Aleksey Sanin aleksey at aleksey.com
Mon Jan 14 19:10:51 PST 2008

> 1/ How do I force inclusion of the root certificate?
You don't want to. Root certificate (trusted certificate)
establishes "trust" and it should be communicated to
the verifier by the outside trusted channel.

> 2/ Should the signature verify in the absence of the root certificate?
No. See above.

You might want to read a book on PKI/certificates.


More information about the xmlsec mailing list