> Any adivce on what's going on and how to fix it? The signature you're verifying is an HMAC, which is a way of signing messages using symmetric keys instead of public/private pairs. Both ends need to share the secret, and you'd have to give that to the verify operation, not a public key certificate.
-- Scott
