diff --git a/docs/ClientLibraryUsage.md b/docs/ClientLibraryUsage.md
index 97997b26..0bc5adab 100644
--- a/docs/ClientLibraryUsage.md
+++ b/docs/ClientLibraryUsage.md
@@ -48,6 +48,9 @@ Func> GetSecurityCredentials = (ct) =>
 };
 ```
+#### Handling multiple issuer thumbprints
+You can specify a comma delimited list as the issuerCertThumbprint for a RemoteX509SecuritySettings object to check against multiple issuers.
+
 ### Connecting to cluster secured with Azure Active Directory
 There are different ways to connect to the cluster secured with Azure Active Directory depending on if you have the AAD metadata(authority, resource, clientId) to get the token from Azure Active Directory. If you have the AAD metadata, use the option 1 below, if you don't have the AAD metadata, use the option 2 below.
 #### 1. You have the AAD metadata to get the token from Azure Active Directory.
diff --git a/src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs b/src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs
index 70a47001..d6710278 100644
--- a/src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs
+++ b/src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs
@@ -153,9 +153,9 @@ private bool ValidateServerCertificateX509Name(X509Certificate2 cert, X509Chain
 return false;
 }
-private bool IsServerCertIssuerThumbprintValid(X509Chain chain, string expectedIssuerThumbprint)
+private bool IsServerCertIssuerThumbprintValid(X509Chain chain, string expectedIssuerThumbprints)
 {
-var issuers = expectedIssuerThumbprint.ToLower().Split(',');
+var issuers = expectedIssuerThumbprints.ToLower().Split(',');
 // SelfSigned cert matches with index 0, CA signed matches with index 1.
 var thumbprint = chain.ChainElements[0].Certificate.Thumbprint.ToLower();
diff --git a/src/Microsoft.ServiceFabric.Common/Security/X509Name.cs b/src/Microsoft.ServiceFabric.Common/Security/X509Name.cs
index 60fc4abb..ec6b0561 100644
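Review bot: The `issuers` array built on the changed `Split(',')` line is neither trimmed nor filtered, so a list written as `"aa…, bb…"` (space after the comma) or with a trailing comma produces entries that can never equal a thumbprint, and the normalisation uses culture-sensitive `ToLower()`. Because this is the check that decides whether the server certificate's issuer is trusted, a mis-formatted list appears to fail closed for every entry after the first without any indication of why, assuming the rest of the method compares the entries for equality. Normalising once at this line keeps the rest of the method untouched: `var issuers = Array.ConvertAll(expectedIssuerThumbprints.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries), t => t.Trim().ToLowerInvariant());`, with the `thumbprint` on the last hunk line switched to `ToLowerInvariant()` so both sides normalise identically. The hunk does not show the parameter's `<param>` doc tag; if one exists it should be renamed to `expectedIssuerThumbprints` and state that a comma-delimited list is accepted, and a null value still throws here, so the caller's null handling documented on X509Name should be confirmed. The body of IsServerCertIssuerThumbprintValid continues past the hunk.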
--- a/src/Microsoft.ServiceFabric.Common/Security/X509Name.cs
+++ b/src/Microsoft.ServiceFabric.Common/Security/X509Name.cs
@@ -20,7 +20,7 @@ public class X509Name
 ///
 ///
 /// Certificate thumbprint to identify issuer. Default value is null which means that issuer thumbprint will not be verified.
-/// for the certificate found with the common name.
+/// for the certificate found with the common name. A Comma delimited string can be used to verify against multiple certificate issuer thumbprints
 ///
 public X509Name(string name, string issuerCertThumbprint = null)
 {
@@ -42,7 +42,7 @@ public X509Name(string name, string issuerCertThumbprint = null)
 public string Name { get; }
 ///
-/// Gets the certificate thumbprint to identify issuer.
+/// Gets the certificate thumbprint to identify issuer. This can additionally be a comma delimited string of multiple issuer certificate thumbprints
 ///
 ///
 /// Certificate thumbprint to identify issuer