Hi William, > > With ‘ssl crt foo.pem chain bar.pem’, or crt-list with ‘foo.pem [chain > bar.pem]’, > deduplicate chain look like deduplicate ca-file. > Find ocsp_issuer with this chain doesn’t work directly, but it seems doable. > For CLI, reload cert when chain is updated seem also complicated, perhaps > less problematic than others solutions. >
Proposal for ‘chain’ parameter: https://github.com/ehocdet/haproxy/commits/chain <https://github.com/ehocdet/haproxy/commits/chain> ++ Manu