[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Netscape Certificates in OpenLDAP
On Wed, 22 Mar 2000, Giuseppe Lo Biondo wrote:
> On Wed, 22 Mar 2000, Michael [iso-8859-1] Ströder wrote:
>
> > Giuseppe Lo Biondo wrote:
> > >
> > > To store the certificate I encoded a pem file
> >
> > You have to encode a DER-encoded cert file. If you're using OpenSSL
> > you have to convert the cert with "openssl x509 [..] -outform DER".
>
> I've already tried (with oscar) to do so but netscape (4.72) crashes when
> I try to display the entry. I'll try again using openssl.
It worked with OpenSSL!
> > If the cert is stored properly it's displayed in the Netscape
> > Navigator when accessing the appropriate LDAP URL (e.g. by
> > double-clicking the address book entry).
>
> Well, now I'm really confused!
>
> Here's what I've done:
>
> /usr/local/sbin/ldif -b "usercertificate;binary" < certificate > cert.ldif
>
> where certificate is a pem file, and as you can see at the URL
>
> ldap://bond.cnaf.infn.it/cn= Giuseppe Lo Biondo,ou=people,ou=Sezione di
> Milano,o=Istituto Nazionale di Fisica Nucleare,c=it
>
> The certificate is properly displayed (actually I don't know if it is
> the right way but it looks like netscape is happy about the certificate).
>
I have the same result encoding and publishing DER certificates.
> > > -----BEGIN CERTIFICATE-----
> > > MIID+DCCA2GgAwIBAgIBSzANBgkqhkiG9w0BAQQFADBGMQswCQYDVQQGEwJJVDEN
> > > ....
> > > ....
> > > -----END CERTIFICATE-----
> >
> > Wrong.
>
> but it works! Doing so I can still import certificates automatically by
> the WEB. Can you tell me what I miss?
It works with der too: but I have to encode the binary certificate
before... to retrieve the certificate I use an url of the form
data:application/x-x509-email-cert;base64,MIIEBDCCA22g....
embedded in my page.
Giuseppe