[Date Prev][Date Next]
Re: How to fetch ca server certificate from LDAP server using library call
Digambar Sawant writes:
> Is there any way to fetch the CA certificate from LDAP server using OpenLDAP
> C SDK? (...)
> On client side, how do I get the ca certficate? I don't want to copy it
> manually by doing scp/http.
If you get it from the server, someone can hijack the connection and
gives you their own certificate instead of your server's. That defeats
the entire point of having a server certificate: to verify that the
machine you connected to actually is the one you wanted to reach.
But if you insist, check out your TLS/SSL implementation's
documentation. I OpenLDAP leaves it to do CA cert handling.