[xmlsec] Including X509 cert chain in Signature

Aleksey Sanin aleksey at aleksey.com
Thu Feb 7 14:25:16 PST 2008

> I take your point about forcing inclusion of the root certificate 
 > but what about intermediate certificates? While they are necessary to
 > establish trust, they are not by themselves (i.e. without the root
 > cert) **sufficient** to establish trust.

You can include these certificates into the signature if you
1) Load key and attach certs to it (e.g. using pkcs12 file,
or using xmlsec command line options, or manually in your app).
2) Add <X509Data/> element to the template.

Check the xmlsec/test/ folder for examples.


More information about the xmlsec mailing list