2.2.3.1.4.1 Credential Structure
A certificate chain is a Public Key Cryptography Standards (PKCS) 7 version 1.5 message of type SignedData as specified in [RFC2315] section 9.1. The chain consists of a list of [X509] version 3 certificates.
The total number of certificates in a certificate chain MUST NOT be more than 25.
Each certificate in the chain MUST be formatted as an [X509] version 3 [RFC2459] certificate, with the following constraints on the fields defined in [RFC2459].
The version field ([RFC2459] section 4.1.2.1) MUST be set to 2 (version 3).
The signatureAlgorithm field ([RFC2459] section 4.1.1.2) MUST be set to the OID 1.2.840.113549.1.1.5.
The serialNumber field ([RFC2459] section 4.1.2.2) MUST be present and MUST be exactly 16 bytes long.
The subjectUniqueID and issuerUniqueID fields ([RFC2459] section 4.1.2.8) MUST be empty with a length of 0 bytes.
The subjectPublicKeyInfo field ([RFC2459] section 4.1.2.7) MUST conform to the syntax specified in section 2.2.1.
The subject field ([RFC2459] section 4.1.2.6) MUST be a null-terminated Unicode string that MUST NOT be longer than 255 characters.
The issuer field ([RFC2459] section 4.1.2.4) MUST be a null-terminated Unicode string that MUST NOT be longer than 255 characters.
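The structural constraints above can be checked on receipt before a chain is trusted. The following validator is an added example, not part of the specification: it walks the DER encoding of each certificate and reports violations of the version, signatureAlgorithm, serialNumber, unique-ID, and chain-length rules. The function names are hypothetical. It assumes the certificates have already been extracted from the PKCS #7 SignedData, that the serialNumber length means the INTEGER content octets, and that an absent unique-ID field counts as empty; the subject, issuer, and subjectPublicKeyInfo rules are not covered.

```python
SHA1_RSA = bytes.fromhex("2a864886f70d010105")  # DER body of OID 1.2.840.113549.1.1.5
MAX_CHAIN = 25

def read_tlv(buf, pos):
    """Decode the DER element at buf[pos]; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def check_certificate(der):
    """Return the list of violated constraints; an empty list means none found."""
    try:
        tbs, sig_alg = children(read_tlv(der, 0)[1])[:2]
        fields, alg = children(tbs[1]), children(sig_alg[1])
        has_version = fields[0][0] == 0xA0           # [0] EXPLICIT version
        version = children(fields[0][1]) if has_version else []
        serial = fields[1 if has_version else 0]
    except (ValueError, IndexError):
        return ["malformed DER"]
    problems = []
    if version != [(0x02, b"\x02")]:
        problems.append("version is not 2 (v3)")
    if alg[:1] != [(0x06, SHA1_RSA)]:
        problems.append("signatureAlgorithm is not 1.2.840.113549.1.1.5")
    if serial[0] != 0x02 or len(serial[1]) != 16:    # assumption: INTEGER content octets
        problems.append("serialNumber is not 16 bytes")
    # issuerUniqueID is tag [1], subjectUniqueID is tag [2]; assumption: absent or empty is OK
    if any(tag & 0xDF in (0x81, 0x82) and body for tag, body in fields):
        problems.append("issuerUniqueID/subjectUniqueID is not empty")
    return problems

def check_chain(certs):
    """certs: DER certificates already extracted from the PKCS #7 SignedData."""
    problems = [f"cert {i}: {p}" for i, c in enumerate(certs) for p in check_certificate(c)]
    if len(certs) > MAX_CHAIN:
        problems.append(f"chain has {len(certs)} certificates (limit {MAX_CHAIN})")
    return problems
```

A DER INTEGER whose top bit is set carries a leading zero octet, so a receiver that measures the serial number differently from the sender will disagree on this check.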