Pascal Alma wrote > > So it is quite normal to obtain the certificate from the message header > and use that to validate the signing of the message? It cannot have to do > with the fact that they use some 'embedded' root certificate or a complete > chain when signing the message and I only have the 'upper' level > certificate with the public key? (I am not sure if I make sense in this > question so please let me know if you don't get it). >
I haven't tried with recent versions of CXF, but at least with 2.2.x that didn't work. I always had to import the "leaf" certificate into my keystore, too, to make validation work. Jens -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-2-3-1-Message-signature-doesn-t-get-validated-tp5155316p5157968.html Sent from the cxf-user mailing list archive at Nabble.com.
