I take your point about forcing inclusion of the root certificate
> but what about intermediate certificates? While they are necessary to > establish trust, they are not by themselves (i.e. without the root > cert) **sufficient** to establish trust.
You can include these certificates into the signature if you 1) Load key and attach certs to it (e.g. using pkcs12 file, or using xmlsec command line options, or manually in your app). 2) Add <X509Data/> element to the template. Check the xmlsec/test/ folder for examples. Best, Aleksey _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
