Re: [Pki-users] Python programming against dogtag

Hi Pascal, ----- Original Message ----- There's three ways to go about this. verify _technically_ takes a path argument, which allows you to pass a specific certificate/chain, and use that to validate the certificate. Something like: requests.request("GET", url, headers=headers, cert=(certfile, keyfile), verify="/path/to/ca_root.crt") This is documented here: https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verific... What we use in Dogtag is a custom adapter, using Python's SSL library and its certificate verification/loading mechanisms. This is more involved, but you can see what we do here: https://github.com/dogtagpki/pki/blob/master/base/common/python/pki/clien... https://github.com/dogtagpki/pki/blob/master/base/common/python/pki/clien... This is also documented here: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_loc... https://requests.readthedocs.io/en/master/user/advanced/#transport-adapters Lastly, you could just reuse PKIConnection on Dogtag >= 10.9.0 :-) from pki.client import PKIConnection conn = PKIConnection(protocol='https', hostname='zbook.home', port='8443', cert_paths='/path/to/ca_root.crt') conn.set_authentication_cert(certfile, keyfile) conn.{get,put,post,...} HTH, - Alex