it should still fix some issue One way people do this is to configure Client Certificate Authentication on their web server. That way it is done before your app is handling the request. This type of method is always available on the connection. For example, Apache is able to do this and IIS should be able to do it. The option you refer to is for signing the body of a SOAP request given that you have also enabled SOAP. Why would you use this if the TLS connection already allows you to authenticate the client? This is for when the connection is received by some sort of proxy which then forwards the SOAP body onto another server/application for processing. Signing the SOAP body allows that app to properly validate that it came from DocuSign even though it doesn't have access to the TLS connection information.
Does that help As comments already indicate, using the getSignature method you do get the signature. It is a byte, though. Thus, you should not expect anything usable from its toString value. Concerning your original objective, though:
* Verifies that this certificate was signed using the
* private key that corresponds to the specified public key.
* @param key the PublicKey used to carry out the verification.
public abstract void verify(PublicKey key)
* Gets the public key from this certificate.
* @return the public key.
public abstract PublicKey getPublicKey()
How do I Implement Docusign Connect API authentication with the Include X509 Certificate option checked?
seems to work fine Signing with x509 will digitally sign the notification (xml), include x509 in certificate is specific to SOAP publishing, and will include the (same) x509 in the SOAP header if you are using the SOAP method.
JCE: Exception while verifying X509 self-signed certificate
around this issue It turns out that this is an issue with caching the trust manager. With either the default providers or our custom provider, the trust manager is initially instantiated with the cacerts truststore.