OASIS ebXML Messaging Services TC

  • 1.  Pkipath

    Posted 11-07-2018 09:05
    Hello,

    This is a question from a new project (likely to become one of, if not the, biggest AS4 deployments worldwide) that has many certificates and many CAs. For AS4 security signature validation, there is a discussion to mandate the use of full certificate chains rather than just the leaf certificate in the message. This is the #X509PKIPathv1 option described in:
    http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-x509TokenProfile-v1.1.1-os.html#_Toc307416637

    For products that use WSS security policy, this can be configured by setting /sp:X509Token/wsp:Policy/sp:WssX509PkiPathV1Token11

    Those of you that have AS4 products, does your product support this feature today?

    Those of you that have AS4 products, and that use WSS security policy, could you try using a policy that uses /sp:X509Token/wsp:Policy/sp:WssX509PkiPathV1Token11 and see if it works?

    Thanks,
    Pim
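
A receiver-side check for the mandate discussed above, as an added example that is not part of the original post or of any AS4 product: it accepts a message only if its wsse:BinarySecurityToken is typed #X509PKIPathv1 and counts the certificates in the path. The ValueType URIs come from the WSS X.509 token profile; the function names, `FAKE_CERT` and the sample envelope are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
X509V3, PKIPATH = PROFILE + "#X509v3", PROFILE + "#X509PKIPathv1"
FAKE_CERT = bytes.fromhex("3003020101")  # constructed stand-in: SEQUENCE { INTEGER 1 }

def _tlv(buf, pos):
    """Return (tag, value start, end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def pkipath_cert_count(der):
    """Count the entries of a PKIPath, a DER SEQUENCE OF Certificate."""
    tag, pos, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der) or pos == end:
        raise ValueError("not a single non-empty DER SEQUENCE")
    count = 0
    while pos < end:
        tag, _, pos = _tlv(der, pos)
        if tag != 0x30:
            raise ValueError("path entry is not a SEQUENCE")
        count += 1
    return count

def check_token(soap_xml, require_chain=True):
    """Structural policy check only; returns the number of certificates carried."""
    bst = ET.fromstring(soap_xml).find(".//{%s}BinarySecurityToken" % WSSE)
    value_type = bst.get("ValueType") if bst is not None else None
    if value_type == PKIPATH:
        return pkipath_cert_count(base64.b64decode((bst.text or "").strip()))
    if value_type == X509V3 and not require_chain:
        return 1
    raise ValueError("token type not accepted: %r" % value_type)

def sample_message(value_type, der):  # constructed test input, not a real AS4 message
    return ('<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" '
            'xmlns:wsse="%s"><S:Header><wsse:Security><wsse:BinarySecurityToken '
            'ValueType="%s">%s</wsse:BinarySecurityToken></wsse:Security></S:Header>'
            '<S:Body/></S:Envelope>' % (WSSE, value_type, base64.b64encode(der).decode()))
```

The check is structural: certification path validation against the configured trust anchors and signature verification still have to follow, and untrusted input should go through a hardened XML parser.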