Hi Marcin,

I just saw your question on nabble now.

> Everything works fine when I place client public key in server truststore.
> My question is:
> What should I do to validate client certificate without having this cert in
> server truststore?
> I thought "DirectReference" does it.

You need to either have the client certificate in the keystore *or* the
issuing cert of the client cert in the truststore. Otherwise you have no way
of verifying trust in the client certificate. If you want to change this
logic then you need to plug in a custom Validator instance for signature
trust verification.

Colm.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/CXF-WSS4J-signature-validation-problem-tp5719033p5719409.html
Sent from the cxf-dev mailing list archive at Nabble.com.
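
The custom Validator mentioned in the reply above could look like the following. This is an added example, not code from the original message or from the CXF/WSS4J project. It assumes the WSS4J 1.6 package names (`org.apache.ws.security.*`); the class name `PinnedCertValidator` and the fingerprint allow-list are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;

/** Hypothetical validator: trusts a signing cert only if its SHA-256 fingerprint is pinned. */
public class PinnedCertValidator implements Validator {

    // Lowercase hex SHA-256 digests of the DER-encoded client certificates.
    private final Set<String> pinned;

    public PinnedCertValidator(Set<String> pinnedFingerprints) {
        this.pinned = Collections.unmodifiableSet(new HashSet<String>(pinnedFingerprints));
    }

    public Credential validate(Credential credential, RequestData data)
            throws WSSecurityException {
        X509Certificate[] certs = credential == null ? null : credential.getCertificates();
        if (certs != null && certs.length > 0 && isPinned(certs[0])) {
            return credential; // trust is established by the pin alone
        }
        // Fail closed: no certificate, expired certificate, or unknown fingerprint.
        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
    }

    private boolean isPinned(X509Certificate cert) {
        try {
            cert.checkValidity(); // reject expired or not-yet-valid certificates
            byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder(d.length * 2);
            for (byte b : d) {
                hex.append(String.format("%02x", b));
            }
            return pinned.contains(hex.toString());
        } catch (GeneralSecurityException e) {
            return false; // encoding or digest failure is treated as untrusted
        }
    }
}
```

In CXF a validator like this is typically registered through the `ws-security.signature.validator` endpoint property. Because it replaces the default signature trust check, no issuer-chain or revocation checking happens unless the validator does it itself, so the pinned fingerprints are the only trust anchor.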
