My understanding (which may be flawed!) is that the following output represents a single unique chain:
Yes, this is a single chain :) Next idea, could you try to remove the self-signed (root) certificate from the signature and just supply it as the parameter to xmlsec command line utility? I can see how openssl can be confused if it this certificate in two places. Aleksey _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
