Comment 2 for bug 2008452

Chi Wai CHAN (raychan96) wrote :

For a typical OpenStack deployment with vault, support for multiple certificates is not necessary; only the root_ca from vault is enough for `check_ssl_cert` to work properly. However, I can imagine that in some corner cases someone needs to use a 3rd-party certificate (e.g. provided by a customer) to configure SSL on a per-application basis (e.g. cinder). The certificate is not necessarily signed by the root CA from vault. In that case, we might need to trust two root CAs, one from the vault, one from the root CA of the 3rd party.

However, I do want to say this may not happen very often, and it may not be urgent to implement it right away. Therefore, I am marking it as a wishlist to track it. Nevertheless, having the ability to trust more than one CA should be a welcome enhancement, and should be backward compatible.