diff --git a/swisssurfer/COPYING b/swisssurfer/COPYING
index 6168a39..6fb8e91 120000
--- a/swisssurfer/COPYING
+++ b/swisssurfer/COPYING
@@ -1 +1 @@
-/usr/share/automake-1.11/COPYING
\ No newline at end of file
+/opt/local/share/automake-1.11/COPYING
\ No newline at end of file
diff --git a/swisssurfer/INSTALL b/swisssurfer/INSTALL
index cbd1c80..7a6487f 120000
--- a/swisssurfer/INSTALL
+++ b/swisssurfer/INSTALL
@@ -1 +1 @@
-/usr/share/automake-1.11/INSTALL
\ No newline at end of file
+/opt/local/share/automake-1.11/INSTALL
\ No newline at end of file
diff --git a/swisssurfer/src/downloadmanager.hxx b/swisssurfer/src/downloadmanager.hxx
index 4585e75..243195b 100644
--- a/swisssurfer/src/downloadmanager.hxx
+++ b/swisssurfer/src/downloadmanager.hxx
@@ -180,6 +180,7 @@ class DownloadManager: public QObject {
 <<"OU="<certificate().subjectInfo(QSslCertificate::OrganizationalUnitName)
 <<"C="<certificate().subjectInfo(QSslCertificate::CountryName)
 <<"ST="<certificate().subjectInfo(QSslCertificate::StateOrProvinceName);
+ LOG<<"Certificate:\n"<certificate().toPem();
 }
 }
diff --git a/swisssurfer/src/main.cxx b/swisssurfer/src/main.cxx
index 5746950..beef76d 100644
--- a/swisssurfer/src/main.cxx
+++ b/swisssurfer/src/main.cxx
@@ -186,7 +186,7 @@ int main(int argv, char** argc) try {
 QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
 QList certs(sslConfig.caCertificates());
 certs.push_back(QSslCertificate(SWISSSIGN_GOLD_CA_G2));
- certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
+ //certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
 certs.push_back(QSslCertificate(SWISSSIGN_SILVER_CA_G2));
 certs.push_back(QSslCertificate(SWISSSIGN_PLATINUM_CA_G2));
 sslConfig.setCaCertificates(certs);
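Review bot: SWISSSIGN_SERVER_GOLD_CA_2008_G2 is dropped from the trust list by commenting the push_back out, with no comment saying why that intermediate is no longer trusted, so the next reader cannot tell an intentional trust decision from a debugging leftover. Prefer deleting the line and keeping the reason next to it, e.g. `// SWISSSIGN_SERVER_GOLD_CA_2008_G2 is deliberately not trusted: <reason>`; its definition can presumably go too if nothing else references it, which is not visible here. The matching self-check in the second main.cxx hunk is commented out as well and carries unbalanced parentheses (`))))`), so it will not compile if it is simply re-enabled. main's body continues outside the hunk.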
@@ -326,6 +326,10 @@ int main(int argv, char** argc) try {
 }
 sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
 QSslConfiguration::setDefaultConfiguration(sslConfig);
+ assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_GOLD_CA_G2));
+ //assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SERVER_GOLD_CA_2008_G2))));
+ assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SILVER_CA_G2));
+ assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_PLATINUM_CA_G2));
 //............................................................................
 Browser browser(actlib, urls, settings.get(), mimetypes, silent, login);
 browser.show();
diff --git a/swisssurfer/src/smartcardauth.hxx b/swisssurfer/src/smartcardauth.hxx
index bffabc4..404a2c5 100644
--- a/swisssurfer/src/smartcardauth.hxx
+++ b/swisssurfer/src/smartcardauth.hxx
@@ -15,6 +15,8 @@
 #include
+extern const QByteArray SWISSSIGN_GOLD_CA_G2;
+
 class CryptokiEngine: public QObject, public openssl::Engine {
 Q_OBJECT;
@@ -117,7 +119,11 @@ class SmartCardAuth: public QObject {
 void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
 qDebug()<<__PRETTY_FUNCTION__;
- SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert);
+ for (std::list::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
+ SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy());
+ qDebug()<<"Added:\n"<data(), cert->size()), QSsl::Der).toPem();
+ }
+ SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert);
 }
 private:
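Review bot: The new `assert(...)` lines are the only check that the SwissSign roots actually made it into the default QSslConfiguration, and assert() is compiled out under NDEBUG, so a release build proceeds silently with whatever caCertificates() happens to hold. Since main is a function-try-block, an explicit check that throws would be reported by its handler (outside the hunk) instead of vanishing; the sketch below keeps the same three conditions. It needs `<stdexcept>` if main.cxx does not include it already, and it assumes SWISSSIGN_SILVER_CA_G2 and SWISSSIGN_PLATINUM_CA_G2 are QByteArray like the Gold one declared extern in smartcardauth.hxx.
```cpp
 QSslConfiguration::setDefaultConfiguration(sslConfig);
 // Check the trust store at run time as well: assert() disappears under NDEBUG.
 const QList<QSslCertificate> installed(QSslConfiguration::defaultConfiguration().caCertificates());
 const QByteArray* const required[] = {&SWISSSIGN_GOLD_CA_G2, &SWISSSIGN_SILVER_CA_G2, &SWISSSIGN_PLATINUM_CA_G2};
 for (size_t i(0); i<sizeof(required)/sizeof(required[0]); ++i)
   if (!installed.contains(QSslCertificate(*required[i])))
     throw std::runtime_error("required SwissSign CA certificate missing from SSL configuration");
 // … unchanged: Browser construction and show() …
```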
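Review bot: `SSL_CTX_add_extra_chain_cert` returns 0 on failure and the new loop ignores that, so a certificate that could not be parsed or added is silently missing from the chain presented to the server, and the X509 copy from `lowLevelCopy()` is presumably leaked in that case; check the result, e.g. `if (!SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy())) qWarning()<<"SSL_CTX_add_extra_chain_cert failed";`. The loop also walks `_cacerts` without `_mutex`, while login() clears and refills it under `QMutexLocker lock(&_mutex)`; if this callback can run on another thread while a login is in progress, that is a data race on the list, and a `QMutexLocker lock(&_mutex);` at the top of the function closes it, provided login() never triggers this callback while holding the lock. A comment here that these certificates go into the chain sent to the peer, not into the store used to verify the peer, would also help, because the `setCaCertificates` call this replaces did the latter. If Qt reuses the SSL_CTX across sockets, each call appends the same certificates again; I cannot tell from here.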
@@ -151,10 +157,10 @@ class SmartCardAuth: public QObject { QMutexLocker lock(&_mutex); if (!e() || (!force && *e())) return; // no smartcard or already logged in try { + _cacerts.clear(); QList authcerts; QList allcerts; QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); - QList cacerts(sslConfig.caCertificates()); _slots = e()->cryptoki().slotList(); for (cryptoki::SlotList::iterator slot(_slots.begin()); slot!=_slots.end(); ++slot) { @@ -176,9 +182,7 @@ class SmartCardAuth: public QObject { std::string data(cert->attribute(CKA_VALUE).value); if (!keys.size()) { // add CA-certificate OPENSSL_LOG("**** add to CA-certificates"); - cacerts.push_back(QSslCertificate - (QByteArray(data.data(), data.size()), - QSsl::Der)); + _cacerts.push_back(data); } else { OPENSSL_LOG("**** user cert, check for authentictaion"); if (label.value.find("auth")==0 || @@ -212,7 +216,6 @@ class SmartCardAuth: public QObject { e()->cert(keys[0], std::auto_ptr (new openssl::X509(c.data))); - sslConfig.setCaCertificates(cacerts); break; } } catch (std::exception& x) { @@ -223,6 +226,8 @@ class SmartCardAuth: public QObject { " please try again.")); } } + QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer()); + _cacerts.push_back(std::string(ca.data(), ca.size())); } catch (...) { throw; } @@ -246,6 +251,7 @@ class SmartCardAuth: public QObject { cryptoki::SlotList _slots; std::auto_ptr _session; QMutex _mutex; + std::list _cacerts; }; diff --git a/swisssurfer/src/swisssurfer_de.ts b/swisssurfer/src/swisssurfer_de.ts index 0f5ae7e..33ad46d 100644 --- a/swisssurfer/src/swisssurfer_de.ts +++ b/swisssurfer/src/swisssurfer_de.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. diff --git a/swisssurfer/src/swisssurfer_en.ts b/swisssurfer/src/swisssurfer_en.ts index 0f5ae7e..33ad46d 100644 --- a/swisssurfer/src/swisssurfer_en.ts +++ b/swisssurfer/src/swisssurfer_en.ts 
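Review bot: With `cacerts` removed, the local `sslConfig` declared on the context line just above it no longer has a visible reader: its only other use, `sslConfig.setCaCertificates(cacerts)`, is deleted by the @@ -212 hunk of this file, so it is now a dead copy of the default configuration unless the rest of login() (outside the hunks) still uses it. If nothing does, drop `QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());` as well; left in place it suggests the smart-card CAs still end up in the verification store, which they no longer do.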
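Review bot: The Gold CA is converted with `QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer()` and pushed unconditionally; if the PEM does not parse, toDer() presumably yields an empty array and an empty string lands in `_cacerts`, which extendedContextInitialization later hands to `openssl::X509(*cert)`. Guard it: `QSslCertificate gold(SWISSSIGN_GOLD_CA_G2, QSsl::Pem);` / `if (!gold.isNull()) { QByteArray ca(gold.toDer()); _cacerts.push_back(std::string(ca.data(), ca.size())); }`. A root that the server must already trust adds nothing to the presented chain, so a comment saying why the Gold root is sent along (or dropping it) would help the next reader. login()'s body starts outside this hunk.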
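Review bot: The new member `_cacerts` carries no comment saying what it holds or how it is synchronised: login() fills it with DER-encoded certificate blobs under `_mutex`, and extendedContextInitialization walks it to build the client chain. Add `// DER-encoded CA certificates (card CAs plus the Gold root) added as extra chain certs; written under _mutex in login()` so the locking expectation is visible next to the field rather than only in one of its users.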
@@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. diff --git a/swisssurfer/src/swisssurfer_fr.ts b/swisssurfer/src/swisssurfer_fr.ts index 0f5ae7e..33ad46d 100644 --- a/swisssurfer/src/swisssurfer_fr.ts +++ b/swisssurfer/src/swisssurfer_fr.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. diff --git a/swisssurfer/src/swisssurfer_it.ts b/swisssurfer/src/swisssurfer_it.ts index 0f5ae7e..33ad46d 100644 --- a/swisssurfer/src/swisssurfer_it.ts +++ b/swisssurfer/src/swisssurfer_it.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again.