Is it possible to add another root/intermediate certificate into TrustedList to verify QESig #59

Open
climsaroj opened this issue Jul 23, 2024 · 1 comment

@climsaroj

I have a question about how to add another root/intermediate certificate into the TrustedList to verify for QESig.

I've successfully added a signer certificate into customCertificateSource, which is:
certificateVerifier.setTrustedCertSources( trustedListSource(), trustedCertificateSource() );
certificateVerifier.setTrustedCertSources( trustedListSource(), customCertificateSource() );
and it successfully verifies the signature, but the Qualification shows N/A and "Unable to build a certificate chain up to a trusted list!"

So, I tried to add my root and intermediate certificates into eu-lotl-no-sig.xml and signed it, and it shows NO_CERTIFICATE_CHAIN_FOUND.

Am I doing it correctly? Any help would be appreciated.

Thank you

@bsanchezb
Collaborator

Hello,

Thank you for your message.

The qualification information is built based on data extracted from two sources: the certificate and a Trusted List, according to ETSI TS 119 615. As you provide trust anchors which are not present in any Trusted List, DSS does not have sufficient information for performing a qualification determination process as per the standard, thus returning the "N/A" status.

In the meantime, the AdES validation (as per ETSI EN 319 102-1) works with any provided trust anchors, without requiring a Trusted List relationship, successfully validating your certificate chain and the signature, and returning the TOTAL-PASSED indication.

I.e., without a Trusted List, the determination of a qualification status is not possible. Note that the current certificate chain shall reach the Trusted List.

I hope this clarifies.

Best regards,
Aleksandr
