On Mon, Mar 11, 2013 at 1:49 PM, Rick Andrews <Rick_Andrews at symantec.com> wrote: > Thanks for pointing this out. We don't support the "inheritance" of parameters - each cert in the chain needs to carry its own parameters. It makes the certs big, but avoids this potential problem. Great, thanks! AGL