<div dir="ltr"><div style="font-size:12.8px">It's a path to a windows file.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">[Dbg]>>> print <span style="color:rgb(80,0,80);font-size:12.8px">pathtocacertfile</span></div><div style="font-size:12.8px">C:\Users\me\Documents\GitHub\automation\ephemeralca-cacert.crt</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">The exact same file works as expected on Linux, so the cert file is valid.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><div style="font-size:12.8px"><div>>>> import ldap</div><div>>>> ldap.__version__</div><div>'2.4.25'</div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Python 2.7.9 (default, Dec 10 2014, 12:28:03) [MSC v.1500 64 bit (AMD64)] on win32.</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 17, 2016 at 2:48 PM, Michael Ströder <span dir="ltr"><<a href="mailto:michael@stroeder.com" target="_blank">michael@stroeder.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Daniel Watrous wrote:<br>
> I am able to make a connection to my LDAPS server with my own certificate<br>
> setting the following option on Linux<br>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERTFILE)<br>
<br>
</span>Good.<br>
<span class=""><br>
> However, on Windows the same approach fails with<br>
> SERVER_DOWN: {'info': 'error:14090086:SSL<br>
> routines:ssl3_get_server_certificate:certificate verify failed (unable to<br>
> get issuer certificate)', 'desc': "Can't contact LDAP server"}<br>
><br>
> It seems that either python-ldap can't follow the Windows based path to the<br>
> certificate OR python-ldap has a hard dependency on a Linux library that<br>
> isn't available on Windows.<br>
<br>
</span>The good news is that the 'info' message is actually generated by the OpenSSL<br>
libs. AFAIK Waldemar compiles OpenSSL into his python-ldap builds for Windows.<br>
<br>
OpenSSL simply cannot find the CA cert needed to validate the LDAP server cert.<br>
<span class=""><br>
> Any help getting this working on Windows is appreciated. Here's a larger<br>
> snippet from my script<br>
><br>
> try:<br>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, pathtocacertfile)<br>
<br>
</span>What's the content of var pathtocacertfile?<br>
Does it contain a Windows path name?<br>
Does the referenced file really contain the CA cert?<br>
<br>
Ciao, Michael.<br>
<br>
</blockquote></div><br></div>