..........
Hi Robin
I am not sure how this is any benefit over the self-signed root certs that I
now use?
Except for the fact that these are a root cert as well and don't use any CA
trust chain.
To be able to validate this cert, I have to load it as a CA cert on the
validating side.
Which isn't bad perse.
I've used openssl as mentioned here to create my certs:
https://docs.python.org/3.7/library/ssl.html#self-signed-certificates
.........Welle I was thinking perhaps you had trouble with self signed certs for
some reason. I only used CA type setup because some recipe for mongo clusters
seems to want that. I think the mariadb clusters were fine with simple self
signed certs. However, if I control the cluster can I not just distribute the
cert to all members and have them validate it against itself or does python
refuse to do that? I vaguely remember some python apis allow the authority chain
to be specified.
--
Robin Becker
--
https://mail.python.org/mailman/listinfo/python-list
