From: Rich M. <ric...@gm...> - 2008-09-11 14:22:28
Michael Ströder wrote:
> Rich Megginson wrote:
>
>> Is it possible to use two different CA certs in a single python-ldap
>> app?
>>
>
> There are two options:
>
> 1. Stuff all trusted CA certs into one "PEM" file and use
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/allcacerts.pem')
>
> 2. Copy all CA certs in a directory and use
> ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/path/to/cacerts')
>
> For faster look up with option . you should generate symbolic links like
> described here:
> http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl
>
> ln -s my_ca.crt `openssl x509 -hash -noout -in my_ca.crt`.0
>
> I think you can find pretty much docs about how OpenSSL handles multiple
> CA certs.
>
Ok. Thanks Michael. I'll look into it.
> BTW: With OpenLDAP 2.4 client libs you can also set
> ldap.OPT_X_TLS_CACERTDIR connection-specific.
>
> Ciao, Michael.
>
>
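One way to build the single PEM file from option 1, as an added example that is not part of the original thread: it merges several CA files, drops duplicate certificates, and copies only CERTIFICATE blocks so a private key stored next to a CA cert never ends up in the trust bundle. The function names `build_ca_bundle` and `trust_bundle` are hypothetical; only the `ldap.set_option` call comes from the message above.

```python
import hashlib
import re
import ssl
import sys
from pathlib import Path

# Matches one PEM-armoured certificate; key and CSR blocks never match.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def build_ca_bundle(sources, bundle_path):
    """Merge the certificates found in `sources` into one PEM file.

    Returns the SHA-256 fingerprints (of the DER bytes) in the order written.
    Duplicates are written once; a file with no certificate is an error.
    """
    seen, blocks = [], []
    for src in map(Path, sources):
        # latin-1 never fails to decode, so text preambles are tolerated.
        found = CERT_RE.findall(src.read_text(encoding="latin-1"))
        if not found:
            raise ValueError(f"no certificate in {src}")
        for pem in found:
            # Decode to DER so duplicates compare equal whatever the wrapping.
            der = ssl.PEM_cert_to_DER_cert(pem)
            fp = hashlib.sha256(der).hexdigest()
            if fp not in seen:
                seen.append(fp)
                # Re-encode so every block has uniform 64-column armour.
                blocks.append(ssl.DER_cert_to_PEM_cert(der))
    Path(bundle_path).write_text("".join(blocks), encoding="ascii")
    return seen


def trust_bundle(bundle_path):
    """Option 1 from the message: use the bundle as the global CA file."""
    import ldap  # python-ldap; imported lazily so the merge works without it
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, str(bundle_path))


if __name__ == "__main__" and len(sys.argv) > 2:
    # Usage: script.py /path/to/allcacerts.pem ca1.pem ca2.pem ...
    for fingerprint in build_ca_bundle(sys.argv[2:], sys.argv[1]):
        print(fingerprint)
```

The printed fingerprints can be compared against the values each CA publishes before the bundle is put into use.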