[xmlsec] X509 - does cert need to be included in XML?

Aleksey Sanin aleksey at aleksey.com
Mon Nov 17 16:36:05 PST 2008



Mark Young wrote:
> Well, I understand that X509 certificates have a "Subject" field, but I 
> wasn't sure how you were suggesting I make use of that.  Are you saying 
> that I should use the X509SubjectName element provided by the xmldsig 
> specification, and that xmlsec will match the contents of 
> X509SubjectName with the contents of the Subject field of one of the 
> certificates in the Keys Manager?

Correct. The "subject" (generally speaking) is a way to
uniquely identify a certificate issued by a given CA. The same is
true for the "issuer name" + "serial number" combination.
Either of the two ("subject" or "issuer name" + "serial number")
can be used to look up a certificate in the keys manager.

Best,
Aleksey
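
The lookup described in this reply, as an added example that is not part of the original message and is not xmlsec code: a ds:KeyInfo carrying X509SubjectName or X509IssuerSerial is resolved against a constructed list standing in for the keys manager. The store contents, the names `find_cert` and `norm_dn`, the simplified DN comparison and the fail-closed handling of ambiguous matches are assumptions made for illustration.

```python
# Added illustration, not xmlsec code: all DNs, serials and ids are constructed.
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}

# Stand-in for the keys manager: certificates the verifier already trusts.
TRUSTED = [
    {"id": "signer-a", "subject": "CN=Signer A,O=Example,C=US",
     "issuer": "CN=Example CA,O=Example,C=US", "serial": 4097},
    {"id": "signer-b", "subject": "CN=Signer B,O=Example,C=US",
     "issuer": "CN=Example CA,O=Example,C=US", "serial": 4098},
]

def norm_dn(dn):
    # Simplified comparison form (assumption): ignores escaped commas and
    # multi-valued RDNs, which a real DN parser must handle.
    parts = [rdn.strip().split("=", 1) for rdn in dn.split(",")]
    return tuple((k.strip().upper(), v.strip()) for k, v in parts)

def find_cert(keyinfo_xml, store=TRUSTED):
    """Resolve a ds:KeyInfo hint to exactly one trusted entry, else None."""
    x509 = ET.fromstring(keyinfo_xml).find("ds:X509Data", NS)
    if x509 is None:
        return None
    subject = x509.findtext("ds:X509SubjectName", namespaces=NS)
    issuer = x509.findtext("ds:X509IssuerSerial/ds:X509IssuerName", namespaces=NS)
    serial = x509.findtext("ds:X509IssuerSerial/ds:X509SerialNumber", namespaces=NS)
    if subject is not None:
        hits = [c for c in store if norm_dn(c["subject"]) == norm_dn(subject)]
    elif issuer is not None and serial is not None:
        hits = [c for c in store if norm_dn(c["issuer"]) == norm_dn(issuer)
                and c["serial"] == int(serial.strip())]
    else:
        hits = []
    # Fail closed on no match or an ambiguous match.
    return hits[0] if len(hits) == 1 else None

def keyinfo(inner):
    # Builds a constructed ds:KeyInfo document around the given X509Data children.
    return f'<ds:KeyInfo xmlns:ds="{NS["ds"]}"><ds:X509Data>{inner}</ds:X509Data></ds:KeyInfo>'

BY_SUBJECT = keyinfo("<ds:X509SubjectName>CN=Signer A, O=Example, C=US</ds:X509SubjectName>")
BY_ISSUER_SERIAL = keyinfo(
    "<ds:X509IssuerSerial><ds:X509IssuerName>CN=Example CA,O=Example,C=US</ds:X509IssuerName>"
    "<ds:X509SerialNumber>4098</ds:X509SerialNumber></ds:X509IssuerSerial>")
UNKNOWN = keyinfo("<ds:X509SubjectName>CN=Mallory,O=Example,C=US</ds:X509SubjectName>")

if __name__ == "__main__":
    for doc in (BY_SUBJECT, BY_ISSUER_SERIAL, UNKNOWN):
        print(find_cert(doc))
```

In this sketch the name in KeyInfo only selects among certificates already in the trusted list; a name with no match resolves to nothing rather than to a key supplied by the document.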



