In section 5.2.3 of AS4 it is claimed that the header is configured using the
"PMode.Security.X509.sign: (for option (b))
PMode.Security.X509.SignatureCertificate: (for option (b))"
"NOTE: in (b), the P-Mode parameters about X509 are controlling both the authentication of eb:PullRequest signals and authentication of other User
But it is not possible to use the same parameters for signing both the (pulled) user message and the (pulling) pull request signal message. The pull request is signed by the initiator (receiver). The certificate used is the certificate of the initiator. The user message is signed by the responder (sender). The certificate used is the certificate of the responder.
So we need separate parameters to configure the two certificates.
(And "SignatureCertificate" should be "Signature.Certificate").
This is a follow on from https://issues.oasis-open.org/browse/EBXMLMSG-97. A separate issue is created as it relates to a different specificaion document.