In an embodiment of a system and method according to the present invention, a chain of one or more certificates certifying a principal's public key is exchanged for a single substitute certificate. The substitute certificate is used as a replacement for the certificate chain. The substitute certificate is useful for authentication of the principal. In one embodiment, an authentication server exchanges the certificates. The substitute certificate is signed by the authentication server and used for authentication and communication with principals that have knowledge of and trust the authentication server. In one embodiment the substitute certificate also includes the principal's access information.