Problem using ldaps with two different CA cert files
Michael Ströder
michael at stroeder.com
Thu Sep 11 10:09:02 CEST 2008
Rich Megginson wrote:
> Is it possible to use two different CA certs in a single python-ldap
> app?
There are two options:
1. Stuff all trusted CA certs into one "PEM" file and use
   ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/allcacerts.pem')
2. Copy all CA certs in a directory and use
   ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/path/to/cacerts')
For faster lookup with option 2, you should generate symbolic links as
described here:
http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl
   ln -s my_ca.crt `openssl x509 -hash -noout -in my_ca.crt`.0
I think you can find plenty of docs about how OpenSSL handles multiple
CA certs.
BTW: With OpenLDAP 2.4 client libs you can also set
ldap.OPT_X_TLS_CACERTDIR connection-specific.
Ciao, Michael.
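
Option 1 from the message above, as an added example that is not part of the original post and is not python-ldap's own code: it merges several CA files into one PEM bundle, writes each certificate once, and fails loudly on a file that contains no certificate. The names build_ca_bundle and use_bundle and all file paths are assumptions; only the framing and base64 of each block are checked, not the X.509 content.

```python
import hashlib
import re
import ssl
from pathlib import Path

# One PEM certificate block; surrounding comments or key material are skipped.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def build_ca_bundle(ca_files, bundle_path):
    """Write every certificate found in ca_files to one PEM file.

    Returns the number of distinct certificates written. A file without any
    certificate raises ValueError, so a wrong path cannot silently shrink
    the set of trusted CAs.
    """
    seen, out = set(), []
    for ca_file in ca_files:
        blocks = PEM_CERT.findall(Path(ca_file).read_text(encoding="utf-8"))
        if not blocks:
            raise ValueError(f"no PEM certificate in {ca_file}")
        for block in blocks:
            der = ssl.PEM_cert_to_DER_cert(block)  # raises on bad base64
            digest = hashlib.sha256(der).hexdigest()
            if digest not in seen:  # same CA listed twice: keep one copy
                seen.add(digest)
                out.append(ssl.DER_cert_to_PEM_cert(der))
    Path(bundle_path).write_text("".join(out), encoding="ascii")
    return len(out)


def use_bundle(bundle_path, uri):
    """Trust the bundle globally (option 1) and return an LDAP connection."""
    import ldap  # python-ldap; imported here so bundling works without it
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, str(bundle_path))
    # Refuse servers whose certificate does not chain to a CA in the bundle.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    return ldap.initialize(uri)


if __name__ == "__main__":
    import sys
    # usage: script.py OUT.pem CA1.pem CA2.pem ...
    print(build_ca_bundle(sys.argv[2:], sys.argv[1]), "certificates written")
```

Every CA in the bundle is trusted for every connection the process makes, so include only the CAs the application actually needs.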