Hello,
Using multiple CA certificates with the TLSCACertificateFile directive is not working in my setup. The man page (1) clearly states that multiple certificates can be appended to the file.
Only the first CA in the file appear to be used. I confirmed this by changing the order of the certificate in the file.
I am using self-signed CA Certificate which is used for validating the provider server certificate during replication. I see this behaviour in both the latest OpenLDAP release and an older release. In both case I am using OpenSSL.
I just realized one important point abound my setup: Both CA certificate have the same DN. Other that that they are completely different certificate (different key, expiry date). Both CA certificate are valid (not expired).
I will test tomorrow if appending another CA certificate with a different CN makes a difference.
I am wondering if some people are successfully using multiples certificates with the TLSCACertificateFile directive. Thanks.
Best,
Alex
(1) http://www.openldap.org/software/man.cgi?query=slapd.conf