A method begins by a processing module receiving a certificate chain and determining whether at least one of one or more signed certificates of the chain has a valid signature. When the at least one of the one or more signed certificates has a valid signature, the method continues with the processing module identifying one or more certificate authorities (CA) to produce identified CAs, accessing registry information that includes one or more realm identifiers (IDs) and a plurality of trusted CA IDs, determining whether one or more of the identified CAs is a trusted CA, and when the one or more of the identified CAs is a trusted CA, indicating that the certificate chain is valid, identifying a realm ID based on a trusted CA ID, and generating certificate chain validation information to include the realm ID, trusted CAs, and the indication of the validity of the certificate chain.