It comprises a (self-signed) root certificate and multiple intermediate certificates. We need both the root and the intermediate certificates to verify the certificate chain for an Aurora SSL connection (see #498).
Since Amazon already makes this bundled certificate available, and creating a bundled certificate isn't hard, it makes most sense to allow the existing CACertificateFile connection string option to point to a bundled certificate file (as opposed to interpreting it as a delimited list of file names). Currently new X509Certificate2(string) only loads the first certificate in the file, so we would need to manually split the file into multiple byte and create multiple X509Certificate2 objects.
The text was updated successfully, but these errors were encountered: