intermediate certificates that have at least one valid, unrevoked chain upto such a CA certificate and that are technically capable of issuingworking server or email certificates. Intermediate certificates that are not considered to be technically capable will contain either: