Currently we are using all certificates, which are part of 'x5c' certificate chain, as X509SecurityKeys.
By the rfc7517, only the first key should be used to perform any signing operations.
We should threat only the first certificate from a 'x5c' certificate chain as an X509SecurityKey and others as part of a certificate chain.
Currently we are using all certificates, which are part of 'x5c' certificate chain, as X509SecurityKeys. By the rfc7517, only the first key should be used to perform any signing operations. We should threat only the first certificate from a 'x5c' certificate chain as an X509SecurityKey and others as part of a certificate chain.