[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8586) load cert+chain from TLSCertificateFile

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8586) load cert+chain from TLSCertificateFile
From: ryan@nardis.ca
Date: Tue, 14 Feb 2017 03:16:54 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

FWIW, tls_g already has the behaviour that (I think) this ticket asks 
for: if you set TLSCertificateFile to a file containing concatenated 
server and intermediate certs, it sends the chain of both.

I found that useful in a setup very similar to what Andreas and Michael 
describe: slapd with a server certificate issued by an external/public 
CA, but trusting only a specific internal CA to authenticate clients.

The comparison to mod_ssl is apt. Note that in recent versions httpd 
also supports loading the entire chain from SSLCertificateFile.

Prev by Date: Re: (ITS#8335) MDB_MULTIPLE issues
Next by Date: Re: (ITS#8335) MDB_MULTIPLE issues
Index(es):
- Chronological
- Thread