MySQL Forums

MySQL TLS Multi-CA Hierarchy Support Question
Posted by: Ben Clark
Date: February 02, 2017 05:20PM

I am using MySQL v. 5.6 and have a question about the Certificate Authority (CA) configuration. The description of the "--ssl-ca" parameter in the reference manual states "identifies the Certificate Authority (CA) certificate." I am utilizing a three-level CA hierarchy (a root, two intermediate CAs, and the end entity certificate).

My question is: when performing the client certificate validation as part of the SSL negotiation, does MySQL perform certificate chain validation through only the CA certificate that issued the client certificate, or, if I have configured MySQL with a PEM file containing all certificates in my chain up to the root, will it validate signatures, check for revocation, etc. for all certs in the chain?

The use of the wording "Certificate Authority certificate" instead of "Certificate Authority certificates" could be interpreted to mean that only one CA cert is used/processed by MySQL and the rest of the chain is ignored.
