On 6/13/2014 3:15 AM, nicolas....@free.fr wrote:
> the fact is a server can only send a single certificate, however this one can
> be signed by multiple CAs

I wish. Unfortunately, it's a single certificate, signed by a single CA. Which itself can be signed by another single CA, and so on until the "trust anchor" is reached. This is a single "certificate chain".

There are issues with having only a single certificate chain available. Most notably, if your CA becomes untrusted, you must change your CA and entire presented certificate chain.

-Kyle H