Allow multiple certificates in CACertificateFile

The Amazon Aurora [documentation references](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Security.html) a "bundled" certificate file: [rds-combined-ca-bundle.pem](https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem).

This file is simply concatenated certificates:

```
-----BEGIN CERTIFICATE-----
MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx
[ snip ]
/40NawZfTUU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCAumgAwIBAgIBRDANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx
[ snip ]
VPrXn2899T1rcTtFYFP16WXjGuc0
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCAumgAwIBAgIBRTANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx
...
```

It comprises a (self-signed) root certificate and multiple intermediate certificates. We need both the root and the intermediate certificates to verify the certificate chain for an Aurora SSL connection (see #498).

Since Amazon already makes this bundled certificate available, and creating a bundled certificate isn't hard, it makes most sense to allow the existing `CACertificateFile` connection string option to point to a bundled certificate file (as opposed to interpreting it as a delimited list of file names). Currently `new X509Certificate2(string)` only loads the first certificate in the file, so we would need to manually split the file into multiple `byte[]` and create multiple `X509Certificate2` objects.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow multiple certificates in CACertificateFile #499

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Allow multiple certificates in CACertificateFile #499

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions