I am using MySql v. 5.6 and have a question about the Certificate Authority (CA) configuration. The description of the "--ssl-ca" parameter in the reference manual states "identifies the Certificate Authoirty (CA) certificate." I am utilizing a three level CA hierarchy (a root, two intermediate CAs, and the end entity certificate).
My question is: when performing the client certificate validation as part of the SSL negotiation, does MySQL perform certificate chain validation through only the CA certificate that issued the client certificate or if I have configured MySQL with a pem file containing all certificates in my chain up to the root will it validate signatures, check for revocation, etc. for all certs in the chain?
The use of the wording "Certificate Authority certificate" instead of "Certificate Authority certificates" could be interpreted as that only one CA cert is used/processed by MySQL and the rest of the chain ignored.
My question is: when performing the client certificate validation as part of the SSL negotiation, does MySQL perform certificate chain validation through only the CA certificate that issued the client certificate or if I have configured MySQL with a pem file containing all certificates in my chain up to the root will it validate signatures, check for revocation, etc. for all certs in the chain?
The use of the wording "Certificate Authority certificate" instead of "Certificate Authority certificates" could be interpreted as that only one CA cert is used/processed by MySQL and the rest of the chain ignored.