diff --git a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
index 0e6412c5..749c0ab8 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
@@ -241,6 +241,7 @@ public class ReferenceManifestValidator {
                 if (embeddedCert != null) {
                     if (isCertChainValid(embeddedCert)) {
                         context = new DOMValidateContext(new X509KeySelector(), nodes.item(0));
+                        subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(embeddedCert);
                     }
                 }
             } else {
@@ -465,6 +466,10 @@ public class ReferenceManifestValidator {
             for (X509Certificate trustedCert : trustStore) {
                 boolean isIssuer = areYouMyIssuer(chainCert, trustedCert);
                 boolean isSigner = areYouMySigner(chainCert, trustedCert);
+                boolean itIsMe = areYouMe(chainCert, trustedCert);
+                if (itIsMe) {
+                    continue;
+                }
                 if (isIssuer && isSigner) {
                     if (isSelfSigned(trustedCert)) {
                         log.info("Root CA found.");
@@ -490,6 +495,21 @@ public class ReferenceManifestValidator {
         return false;
     }
 
+    /**
+     * This method checks if cert's issuerDN matches issuer's subjectDN.
+     * @param cert the signed certificate
+     * @param issuer the signing certificate
+     * @return true if they match, false if not
+     * @throws Exception if either argument is null
+     */
+    private boolean areYouMe(final X509Certificate cert, final X509Certificate issuer)
+            throws Exception {
+        if (cert == null || issuer == null) {
+            throw new Exception("Cannot verify issuer, null certificate received");
+        }
+        return Arrays.equals(cert.getEncoded(), issuer.getEncoded());
+    }
+
     /**
      * This method checks if cert's issuerDN matches issuer's subjectDN.
      * @param cert the signed certificate