I am in a situation where my software is calling a third party web service (SOAP) and using WS-Security for client authentication using a client certificate and digital signing of the message contents. The vendor requires that the certificate I send them has a trust chain that originates from a trusted authority (Verisign, Thawte, etc.) - they will not allow me to self-sign.
When you go to sites that sell certificates, most only have 3 options:
- SSL Certificates
- "Code Signing" Certificates
- "Document Signing" Certificates
"Document signing" seems like the closest to what I need, but much of the literature on the sites talks about how they can be used to sign Word and PDF documents for an extra layer of security for actually having a human "sign" for a document.
Is there any way to buy a certificate specifically for automated binary payload/message signing that will work with WS-Security and is not rate-limited? (e.g. some sites require timestamping and 'phoning home' to be able to track how many documents you have signed)
This seems like it would be a common request for B2B scenarios but there is very little out there in terms of documentation.