We are currently brainstorming a process to have multiple certificates for different clients. We are thinking of doing this as a sort of security change. Hoping for your input on this discussion as well, thanks~
Yes, the cafile for the listener can consist of multiple certificates, or you can put them in a folder and use the capath option instead. In this case, the folder needs to have `openssl rehash .` run in it.
Understood that I can generate a different certificate per client, but can I attach multiple certificates to the broker to communicate with different certificates?
Broker A - Certificate A - Client Certificate A
Broker A - Certificate B - Client Certificate B
Yes, that’s exactly what I am describing. You provide a number of CA certs to the broker, then when a client connects they can use certificates signed by any of the CA certs.
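The two trust-store layouts from the answers above, as an added example that is not part of the original thread: it builds a concatenated bundle (for cafile) and a hashed directory (for capath) from two demo CAs, then checks which client certificates each store accepts. All file names, subject names and the third, untrusted CA C are constructed for the demo, and it assumes an OpenSSL 1.1.0+ command line with its default configuration file.

```shell
#!/bin/sh
# Constructed demo: CAs A and B are trusted by the broker, CA C is not.
# All file names and subject names here are invented for the example.

make_ca() {      # $1 = CA label; writes ca-$1.key and ca-$1.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA $1" -keyout "ca-$1.key" -out "ca-$1.crt" 2>/dev/null
}

make_client() {  # $1 = CA label; writes client-$1.crt signed by CA $1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client-$1" \
        -keyout "client-$1.key" -out "client-$1.csr" 2>/dev/null &&
    openssl x509 -req -in "client-$1.csr" -days 30 -CA "ca-$1.crt" \
        -CAkey "ca-$1.key" -CAcreateserial -out "client-$1.crt" 2>/dev/null
}

build_trust_stores() {
    cat ca-A.crt ca-B.crt > ca-bundle.crt             # what cafile would point at
    mkdir -p ca-dir && cp ca-A.crt ca-B.crt ca-dir/ &&
    openssl rehash ca-dir                             # what capath would point at
}

# Succeeds when certificate $2 chains to a CA in store $1 (bundle file or hashed dir).
trusted_by() {
    if [ -d "$1" ]; then
        openssl verify -CApath "$1" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

setup_demo() {   # builds everything in a fresh temporary directory
    cd "$(mktemp -d)" || return 1
    for ca in A B C; do
        make_ca "$ca" && make_client "$ca" || return 1
    done
    build_trust_stores
}

setup_demo || exit 1
for store in ca-bundle.crt ca-dir; do
    for client in A B C; do
        if trusted_by "$store" "client-$client.crt"; then verdict=accepted
        else verdict=rejected; fi
        echo "$store: client-$client.crt $verdict"
    done
done
```

Dropping a CA from the bundle or the directory (and re-running the rehash) is what revokes trust for every client certificate that CA signed, so one CA per client group keeps that blast radius small.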