diff --git a/packages/did-utils/src/didFunctions.ts b/packages/did-utils/src/didFunctions.ts
index 028b78449..8d3aa0903 100644
--- a/packages/did-utils/src/didFunctions.ts
+++ b/packages/did-utils/src/didFunctions.ts
@@ -130,12 +130,15 @@ export function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMetho
 export async function mapIdentifierKeysToDocWithJwkSupport(
   identifier: IIdentifier,
   section: DIDDocumentSection = 'keyAgreement',
-  context: IAgentContext<IResolver>
+  context: IAgentContext<IResolver>,
+  didDocument?: DIDDocument
 ): Promise<_ExtendedIKey[]> {
-  const keys = await mapIdentifierKeysToDoc(identifier, section, context)
-  const didDocument = await resolveDidOrThrow(identifier.did, context)
+  const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys[0].type === 'RSA' && didDocument
+  // We skip mapping in case the identifier is RSA and a did document is supplied.
+  const keys = rsaDidWeb ? [] : await mapIdentifierKeysToDoc(identifier, section, context)
+  const didDoc = didDocument ? didDocument : await resolveDidOrThrow(identifier.did, context)
   // dereference all key agreement keys from DID document and normalize
-  const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDocument, section, context)
+  const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, section, context)
 
   const localKeys = identifier.keys.filter(isDefined)
   // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`
diff --git a/packages/did-utils/src/x509-utils.ts b/packages/did-utils/src/x509-utils.ts
index f6867a297..abd3a702e 100644
--- a/packages/did-utils/src/x509-utils.ts
+++ b/packages/did-utils/src/x509-utils.ts
@@ -17,7 +17,7 @@ export function pemCertChainTox5c(cert: string, maxDepth?: number): string[] {
    * `maxdepth` The maximum number of certificates to use from the chain.
    */
 
-  const intermediate = cert.replace(/-----[^\n]+\n?/gm, ',').replace(/\n/g, '')
+  const intermediate = cert.replace(/-----[^\n]+\n?/gm, ',').replace(/\n/g, '').replace(/\r/g, '')
   let x5c = intermediate.split(',').filter(function (c) {
     return c.length > 0
   })
diff --git a/packages/vc-handler-ld-local/src/agent/CredentialHandlerLDLocal.ts b/packages/vc-handler-ld-local/src/agent/CredentialHandlerLDLocal.ts
index 8848f721f..83e03929b 100644
--- a/packages/vc-handler-ld-local/src/agent/CredentialHandlerLDLocal.ts
+++ b/packages/vc-handler-ld-local/src/agent/CredentialHandlerLDLocal.ts
@@ -149,9 +149,9 @@ export class CredentialHandlerLDLocal implements IAgentPlugin {
     }
     // Workaround for bug in TypeError: Cannot read property 'length' of undefined
     //     at VeramoEd25519Signature2018.preSigningPresModification
-    if (!presentation.verifier) {
+    /*if (!presentation.verifier) {
       presentation.verifier = []
-    }
+    }*/
 
     if (!isDefined(presentation.holder) || !presentation.holder) {
       throw new Error('invalid_argument: args.presentation.holder must not be empty')
diff --git a/packages/vc-handler-ld-local/src/ld-credential-module.ts b/packages/vc-handler-ld-local/src/ld-credential-module.ts
index c6ae2bb72..87f822d86 100644
--- a/packages/vc-handler-ld-local/src/ld-credential-module.ts
+++ b/packages/vc-handler-ld-local/src/ld-credential-module.ts
@@ -53,7 +53,7 @@ export class LdCredentialModule {
     key: IKey,
     verificationMethodId: string,
     purpose: typeof ProofPurpose = new CredentialIssuancePurpose(),
-    context: IAgentContext<RequiredAgentMethods>
+    context: IAgentContext<RequiredAgentMethods>,
   ): Promise<VerifiableCredentialSP> {
     debug(`Issue VC method called for ${key.kid}...`)
     const suite = this.ldSuiteLoader.getSignatureSuiteForKeyType(key.type, key.meta?.verificationMethod?.type)
@@ -96,10 +96,10 @@ export class LdCredentialModule {
     purpose: typeof ProofPurpose = !challenge && !domain
       ? new AssertionProofPurpose()
       : new AuthenticationProofPurpose({
-          domain,
-          challenge,
-        }),
-    context: IAgentContext<RequiredAgentMethods>
+        domain,
+        challenge,
+      }),
+    context: IAgentContext<RequiredAgentMethods>,
   ): Promise<VerifiablePresentationSP> {
     const suite = this.ldSuiteLoader.getSignatureSuiteForKeyType(key.type, key.meta?.verificationMethod?.type)
     const documentLoader = this.ldDocumentLoader.getLoader(context, true)
@@ -129,7 +129,7 @@ export class LdCredentialModule {
     context: IAgentContext<IResolver>,
     fetchRemoteContexts = false,
     purpose: typeof ProofPurpose = new AssertionProofPurpose(),
-    checkStatus?: Function
+    checkStatus?: Function,
   ): Promise<boolean> {
     const verificationSuites = this.getAllVerificationSuites()
     this.ldSuiteLoader.getAllSignatureSuites().forEach((suite) => suite.preVerificationCredModification(credential))
@@ -177,8 +177,8 @@ export class LdCredentialModule {
     fetchRemoteContexts = false,
     presentationPurpose: typeof ProofPurpose = !challenge && !domain
       ? new AssertionProofPurpose()
-      : new AuthenticationProofPurpose(domain, challenge),
-    checkStatus?: Function
+      : new AuthenticationProofPurpose({ domain, challenge }),
+    checkStatus?: Function,
     //AssertionProofPurpose()
   ): Promise<boolean> {
     // console.log(JSON.stringify(presentation, null, 2))
diff --git a/packages/vc-handler-ld-local/src/suites/JsonWebSignature2020.ts b/packages/vc-handler-ld-local/src/suites/JsonWebSignature2020.ts
index 4f0cd1c38..163adcd75 100644
--- a/packages/vc-handler-ld-local/src/suites/JsonWebSignature2020.ts
+++ b/packages/vc-handler-ld-local/src/suites/JsonWebSignature2020.ts
@@ -48,14 +48,14 @@ export class SphereonJsonWebSignature2020 extends SphereonLdSignature {
         }
 
         const headerString = encodeJoseBlob(header)
-        const dataString = u8a.toString(args.data, 'base64url')
-        const messageString = `${headerString}.${dataString}`
+        const messageBuffer = u8a.concat([u8a.fromString(`${headerString}.`, 'utf-8'), args.data])
+        const messageString = u8a.toString(messageBuffer, 'base64') //will be decoded to bytes in the keyManagerSign, hence the base64 arg to the method below
 
         const signature = await context.agent.keyManagerSign({
           keyRef: key.kid,
           algorithm: alg,
           data: messageString,
-          encoding: 'utf-8',
+          encoding: 'base64',
         }) // returns base64url signature
         return `${headerString}..${signature}`
       },
diff --git a/packages/vc-handler-ld-local/src/suites/impl/JsonWebSignatureWithRSASupport.ts b/packages/vc-handler-ld-local/src/suites/impl/JsonWebSignatureWithRSASupport.ts
index 1a4ad5e49..030371335 100644
--- a/packages/vc-handler-ld-local/src/suites/impl/JsonWebSignatureWithRSASupport.ts
+++ b/packages/vc-handler-ld-local/src/suites/impl/JsonWebSignatureWithRSASupport.ts
@@ -232,14 +232,17 @@ export class JsonWebSignature {
   async verifySignature({ verifyData, verificationMethod, proof }: any) {
     if (verificationMethod.publicKey) {
       const key = verificationMethod.publicKey as CryptoKey
+      const signature = proof.jws.split('.')[2]
+      const headerString = proof.jws.split('.')[0]
+      const messageBuffer = u8a.concat([u8a.fromString(`${headerString}.`, 'utf-8'), verifyData])
       return await subtle.verify(
         {
           name: key.algorithm?.name ? key.algorithm.name : 'RSASSA-PKCS1-V1_5',
-          hash: 'SHA-256',
+          hash: 'SHA-256', // todo get from proof.jws header
         },
         key,
-        typeof proof.jws === 'string' ? u8a.fromString(proof.jws, 'base64url') : proof.jws,
-        verifyData
+        u8a.fromString(signature, 'base64url'),
+        messageBuffer
       )
     }
     const verifier = await verificationMethod.verifier()