Re: (ITS#8586) load cert+chain from TLSCertificateFile
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8586) load cert+chain from TLSCertificateFile
- From: firstname.lastname@example.org
- Date: Tue, 14 Feb 2017 03:16:54 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)

FWIW, tls_g already has the behaviour that (I think) this ticket asks
for: if you set TLSCertificateFile to a file containing concatenated
server and intermediate certs, it sends the chain of both.

I found that useful in a setup very similar to what Andreas and Michael
describe: slapd with a server certificate issued by an external/public
CA, but trusting only a specific internal CA to authenticate clients.

The comparison to mod_ssl is apt. Note that in recent versions httpd
also supports loading the entire chain from SSLCertificateFile.
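
An added illustration of the setup described in this message, not part of the original post or of OpenLDAP's own documentation: a slapd.conf fragment, assuming a slapd built against GnuTLS (the tls_g backend mentioned above). All file paths and file names are placeholders.

```conf
# Added example; paths are placeholders, not taken from the ticket.
# Assumes slapd is linked against GnuTLS (tls_g), which per the message
# above sends every certificate found in TLSCertificateFile.

# Server certificate first, then the public CA's intermediate(s), e.g.
#   cat server.pem public-intermediate.pem > server-chain.pem
TLSCertificateFile      /etc/ldap/tls/server-chain.pem
TLSCertificateKeyFile   /etc/ldap/tls/server.key

# Only the internal CA that issues client certificates goes here.
# The public intermediate is not listed, so it is not a trust anchor
# for client authentication.
TLSCACertificateFile    /etc/ldap/tls/internal-client-ca.pem
TLSVerifyClient         demand
```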