Problem using ldaps with two different CA cert files
rich.megginson at gmail.com
Thu Sep 11 16:22:25 CEST 2008
Michael Ströder wrote:
> Rich Megginson wrote:
>> Is it possible to use two different CA certs in a single python-ldap
> There are two options:
> 1. Stuff all trusted CA certs into one "PEM" file and use
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/allcacerts.pem')
> 2. Copy all CA certs in a directory and use
> ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/path/to/cacerts')
> For faster look up with option . you should generate symbolic links like
> described here:
> ln -s my_ca.crt `openssl x509 -hash -noout -in my_ca.crt`.0
> I think you can find pretty much docs about how OpenSSL handles multiple
> CA certs.
Ok. Thanks Michael. I'll look into it.
> BTW: With OpenLDAP 2.4 client libs you can also set
> ldap.OPT_X_TLS_CACERTDIR connection-specific.
> Ciao, Michael.
More information about the python-ldap