MySQL Forums

MySQL TLS Multi-CA Hierarchy Support Question
Posted by: Ben Clark
Date: February 02, 2017 05:20PM

I am using MySQL v. 5.6 and have a question about the Certificate Authority (CA) configuration. The description of the "--ssl-ca" parameter in the reference manual states "identifies the Certificate Authority (CA) certificate." I am utilizing a three-level CA hierarchy (a root, two intermediate CAs, and the end entity certificate).

My question is: when performing the client certificate validation as part of the SSL negotiation, does MySQL perform certificate chain validation through only the CA certificate that issued the client certificate, or, if I have configured MySQL with a PEM file containing all certificates in my chain up to the root, will it validate signatures, check for revocation, etc. for all certs in the chain?

The use of the wording "Certificate Authority certificate" instead of "Certificate Authority certificates" could be interpreted to mean that only one CA cert is used/processed by MySQL and the rest of the chain is ignored.
