This is going to sound naive I know and it probably is, but I need to get it clear. A "signed" certificate is encrypted right? I mean all the X.509 stuff that are in the certificate just get encrypted by the CA and then the client has to have the public key of the CA to get them? Or, everything is in the clear and the signature that comes in the end is a kind of CRC to check the whole thing? Need help. Spend to much time infront of monitor.:) Vassilis.-