TLSCACertificateFile directive and multiple CA certificates
- To: openldap-technical@openldap.org
- Subject: TLSCACertificateFile directive and multiple CA certificates
- From: Alexandre Rosenberg <arekkusu@r42.ch>
- Date: Wed, 17 May 2017 00:42:25 +0900
Hello,
Using multiple CA certificates with the TLSCACertificateFile directive
is not working in my setup. The man page (1) clearly states that
multiple certificates can be appended to the file.
Only the first CA in the file appears to be used. I confirmed this by
changing the order of the certificates in the file.
I am using a self-signed CA certificate, which is used for validating the
provider server certificate during replication. I see this behaviour in
both the latest OpenLDAP release and an older release. In both cases I am
using OpenSSL.
I just realized one important point about my setup: both CA certificates
have the same DN. Other than that, they are completely different
certificates (different key, expiry date). Both CA certificates are valid
(not expired).
I will test tomorrow if appending another CA certificate with a
different CN makes a difference.
I am wondering if some people are successfully using multiple
certificates with the TLSCACertificateFile directive. Thanks.
Best,
Alex
(1) http://www.openldap.org/software/man.cgi?query=slapd.conf
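The scenario in the post, two CA certificates with an identical subject DN concatenated into one CAfile, can be reproduced outside slapd with the OpenSSL CLI. The script below is an added example, not code from the poster or from the OpenLDAP project. It builds two self-signed CAs with the same DN but different keys, signs a provider certificate with the second one only, and runs openssl verify against the bundle in both orders. Everything in it (the CA name "Example Root CA", the host name provider.example, the file and section names) is made up for the demonstration; it assumes an openssl binary of 1.1.1 or later on PATH.

```shell
#!/bin/sh
# Added reproducer (not from the original post): two self-signed CAs sharing
# one subject DN, a provider certificate signed by the SECOND one, and
# `openssl verify` against a concatenated CAfile in both orders.
# Assumptions: `openssl` (1.1.1 or later) is on PATH; every name below is
# invented for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CFG="$WORK/demo.cnf"

# Minimal config so the demo does not depend on the system openssl.cnf.
cat >"$CFG" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
CN = placeholder

[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ leaf_akid ]
basicConstraints = CA:FALSE
authorityKeyIdentifier = keyid
extendedKeyUsage = serverAuth

[ leaf_plain ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF

# make_ca NAME: self-signed CA with the shared DN and its own fresh key.
make_ca() {
    openssl req -x509 -config "$CFG" -extensions ca_ext \
        -subj "/CN=Example Root CA" -newkey rsa:2048 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -days 365 2>/dev/null
}

# sign_leaf OUTNAME EXT_SECTION: sign the provider CSR with ca2 only.
sign_leaf() {
    openssl x509 -req -in "$WORK/provider.csr" \
        -CA "$WORK/ca2.crt" -CAkey "$WORK/ca2.key" -CAcreateserial \
        -days 365 -extfile "$CFG" -extensions "$2" \
        -out "$WORK/$1.crt" 2>/dev/null
}

# verify_cert CAFILE CERT: returns 0 if openssl builds and verifies a chain.
verify_cert() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || return 1
    printf '%s\n' "$out" | grep -q ': OK$'
}

# has_akid CERT: returns 0 if the certificate carries an Authority Key Identifier.
has_akid() {
    openssl x509 -in "$1" -noout -text | grep -q 'Authority Key Identifier'
}

# report CAFILE CERT LABEL: human-readable verify result, never aborts.
report() {
    if verify_cert "$1" "$2"; then echo "$3: OK"; else echo "$3: FAILED"; fi
}

make_ca ca1
make_ca ca2
openssl req -new -config "$CFG" -subj "/CN=provider.example" \
    -newkey rsa:2048 -nodes -keyout "$WORK/provider.key" \
    -out "$WORK/provider.csr" 2>/dev/null
sign_leaf provider_akid leaf_akid
sign_leaf provider_plain leaf_plain

# Same subject DN, different keys: the fingerprints differ.
openssl x509 -in "$WORK/ca1.crt" -noout -subject -fingerprint -sha256
openssl x509 -in "$WORK/ca2.crt" -noout -subject -fingerprint -sha256

cat "$WORK/ca1.crt" "$WORK/ca2.crt" >"$WORK/bundle_ca1_first.pem"
cat "$WORK/ca2.crt" "$WORK/ca1.crt" >"$WORK/bundle_ca2_first.pem"

# Controls: the signer alone verifies, the look-alike CA alone does not.
report "$WORK/ca2.crt" "$WORK/provider_akid.crt" "signer only"
report "$WORK/ca1.crt" "$WORK/provider_akid.crt" "look-alike only"

# OpenSSL selects issuer candidates by issuer name plus AKID/SKID matching
# (when both are present) and verifies the signature only after the chain is
# built. With an AKID naming ca2's key, ca1 is skipped in either bundle order.
report "$WORK/bundle_ca1_first.pem" "$WORK/provider_akid.crt" "AKID leaf, ca1 first"
report "$WORK/bundle_ca2_first.pem" "$WORK/provider_akid.crt" "AKID leaf, ca2 first"

# Without an AKID, the name is the only selector, so the result depends on
# which same-DN CA is tried first. Newer openssl releases may add an AKID to
# x509 -req output even when the section omits it, so print whether one exists.
if has_akid "$WORK/provider_plain.crt"; then echo "plain leaf: has AKID"; else echo "plain leaf: no AKID"; fi
report "$WORK/bundle_ca1_first.pem" "$WORK/provider_plain.crt" "plain leaf, ca1 first"
report "$WORK/bundle_ca2_first.pem" "$WORK/provider_plain.crt" "plain leaf, ca2 first"
```

The two controls and the two AKID runs are the deterministic part: with a Subject Key Identifier on each CA and an Authority Key Identifier on the provider certificate, the look-alike CA is rejected before any signature is checked, regardless of file order. The "plain leaf" runs are the reporter's situation when the provider certificate has no AKID; there, only the DN is available to pick an issuer, which is why giving the two CAs distinct DNs (as the poster planned to test) or issuing the provider certificate with an AKID are the two settings worth comparing.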