How to tell XMLDSIG API to put X.509 certificate in a digital signature