How does the SSL Visibility appliance determine which Certificate Authority to use when multiple versions are present in the External Certificate Authorities?

The SSL Visibility's validation engine rebuilds the server certificate chain prior to validation, starting from the bottom of the chain towards the root Certificate Authority (CA). It uses the X.509 extensions to inform the algorithm which CA certificate is next. If a server certificate chain has been signed with a new CA and the SSL Visibility external CAs also has an old version of that CA, the rebuilding algorithm will pick the new CA to use.