verify certificates as they are issued
ensure cert is signed by the entire chain properly up to root validate start/end date validate common name, alt names, etc
ensure cert is signed by the entire chain properly up to root validate start/end date validate common name, alt names, etc