security: In IdentityManager::signByCertificate, when setting the KeyLocator keyName, use certificateName.getPrefix(-1) to remove the version number. Refs #1088.
diff --git a/CHANGELOG b/CHANGELOG
index e09485f..32ad567 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@
 * http://redmine.named-data.net/issues/1064 Add ax_lib_sqlite3.m4, etc. to m4 directory so that autogen.sh works out of the box.
 * http://redmine.named-data.net/issues/1077 Move the BasicIdentityStorage sqlite file to ~/.ndnx/ndnsec-identity.db .
   NOTE: If you have an old file at ~/.ndn-identity/identity.db, please move it to ~/.ndnx/ndnsec-identity.db .
+* http://redmine.named-data.net/issues/1088 Certificate name in KeyLocator should not include the version number.
 * Fix bug in getForwardingEntryFlags: Need to check all flags, not the first flag using "else if".
 
 Changes
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index 90bc043..10168d1 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp
@@ -220,7 +220,7 @@
   DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
     
   signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
-  signature->getKeyLocator().setKeyName(certificateName);
+  signature->getKeyLocator().setKeyName(certificateName.getPrefix(-1));
   // Omit the certificate digest.
   signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1);
   // Ignore witness and leave the digestAlgorithm as the default.