On Oct 21, 2017, at 11:20 AM, Misaki Miyashita <misaki.miyashita@xxxxxxxxxx> wrote:

> We encountered a problem using OpenLDAP with OpenSSL when there was more than one certificate with the same subject.
>
> Does OpenSSL stop searching for a valid certificate when it finds a certificate with matching DN?

Yes, when a matching issuer is found in the trust store but is expired, no alternative certificates will be tested. You need to remove outdated issuer certificates from your trust store before they expire.

-- 
	Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
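
Added example, not part of the thread and not OpenSSL or OpenLDAP code: an audit of a trust store for the condition the reply describes, flagging expired certificates that share a subject with a still-valid one and certificates that are nearing expiry. The function names, the 30-day window and the sample records are assumptions constructed for illustration.

```python
import ssl
import sys
import time
from collections import defaultdict

WARN_DAYS = 30  # assumed warning window, not a value from the thread
# Constructed records in the shape SSLContext.get_ca_certs() returns.
SAMPLE = [
    {"subject": ((("commonName", "Example Root CA"),),), "serialNumber": "01",
     "notAfter": "Oct  1 00:00:00 2017 GMT"},
    {"subject": ((("commonName", "Example Root CA"),),), "serialNumber": "02",
     "notAfter": "Oct  1 00:00:00 2027 GMT"},
    {"subject": ((("commonName", "Other CA"),),), "serialNumber": "03",
     "notAfter": "Nov  5 00:00:00 2017 GMT"},
]
SAMPLE_NOW = ssl.cert_time_to_seconds("Oct 21 11:20:00 2017 GMT")


def load_store(pem_path):
    """Parse a PEM bundle; only certs OpenSSL classifies as CAs are listed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=pem_path)
    return ctx.get_ca_certs()


def audit(certs, now, warn_days=WARN_DAYS):
    """Return sorted (status, subject, serial, notAfter) rows to act on."""
    by_subject = defaultdict(list)
    for cert in certs:
        by_subject[cert["subject"]].append(cert)
    rows = []
    for subject, group in by_subject.items():
        name = ", ".join(f"{k}={v}" for rdn in subject for k, v in rdn)
        expiry = [ssl.cert_time_to_seconds(c["notAfter"]) for c in group]
        has_valid = any(t > now for t in expiry)
        for cert, t in zip(group, expiry):
            if t > now + warn_days * 86400:
                continue  # comfortably valid, nothing to do
            # Expired beside a valid same-subject cert is the thread's case.
            status = ("EXPIRING" if t > now else
                      "EXPIRED-SHADOWING" if has_valid else "EXPIRED")
            rows.append((status, name, cert["serialNumber"], cert["notAfter"]))
    return sorted(rows)


if __name__ == "__main__":
    live = sys.argv[1:]
    args = (load_store(live[0]), time.time()) if live else (SAMPLE, SAMPLE_NOW)
    print("\n".join("\t".join(row) for row in audit(*args)))
```

Run it with the path of a PEM bundle as the first argument to audit a real store; with no argument it reports on the constructed sample.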