An array of intermediate certificates to form the chain from the leaf certificate to the root CA. If auth service already has the intermediate certificate(s), then this is not required.
A temporary public key, owned by the service. The service also owns the corresponding private key. This public key will be put inside the security token by the auth service after successful validation of the certificate.
The x509 certificate of the service instance, issued by his CA.