I used 2 1 1 with the IdenTrust root. The main disadvantage of this, I think, is that you have to send the root in your certificate chain, which is unusual, but shouldn’t cause any problems.
I used 2 1 1 with the IdenTrust root. The main disadvantage of this, I think, is that you have to send the root in your certificate chain, which is unusual, but shouldn’t cause any problems.