2.2.3.2.8 CERTIFICATECHAIN

The CERTIFICATECHAIN element specifies the certificate chain, which contains the credentials needed to issue licenses. This element is used to inform the Digital Rights Management client that the license server is authorized to issue licenses.

The first CERTIFICATE child element is the certificate issued by the root authority (CR). The second CERTIFICATE child element is the license server certificate (CS). Subsequent CERTIFICATE child elements comprise a certificate chain downward from CS. All valid version 7 and greater license servers MUST have at least two certificates that are maintained and retrieved by the service protocol implementation. These certificates are not processed on the server, but are included for reference by the client to allow for signature validation of the license through a trusted certificate chain. The client will process each CERTIFICATE element and the CERTIFICATECHAIN element in a license response.