Digital Certificate Verification

Hi, during a test phase I came across an amusing problem.

I signed a message from server1, base encoded the message and HTTP'ed it to server2.

In server2 I base decoded it and called “verify”; it gave me “Trusted: true and Status: verified” in the signerInfo output. I had a client certificate configured during that time.

I later removed the client certificate and restarted the server, and still “verify” reported “Trusted: true and Status: verified”.

I am not clear how it is verifying the certificate chain now. Just to make sure that some certificate is not in thin air somewhere, I changed the certificates in Server1 used for signing and resent the message; server2 still responded with “Trusted: true and Status: verified”.

Did I come across a bug? I am on the wm6.0.1 GA version. Or is “verify” only verifying that the data is untampered? If that is the case, what does “Trusted” mean in the output?

Note: I had restarted the server during all these changes.