
Re: Netscape Certificates in OpenLDAP



Hi to all.

  I'd just like to add one thing. IExplorer and Netscape handle this
attribute in a different way, at least as I tested it. IExplorer likes
userCertificate and Netscape likes userCertificate;binary.

  Which takes me to a complementary question, which is: can OpenLDAP,
for the same attribute value, return different names (define attribute
aliases) as if the entry had those different attributes? For example, in
this case it would return userCertificate <data> and
userCertificate;binary <data> and in the conf file I would just mention
userCertificate <tab> userCertificate;binary bin.

  Nevertheless, I'm also having this problem because I imported the
LDAP data from one server to OpenLDAP and I can't put certificates to
work either...

Best regards,

Giuseppe Lo Biondo wrote:
> 
> On Wed, 22 Mar 2000, Giuseppe Lo Biondo wrote:
> 
> > On Wed, 22 Mar 2000, Michael [iso-8859-1] Ströder wrote:
> >
> > > Giuseppe Lo Biondo wrote:
> > > >
> > > > To store the certificate I encoded a pem file
> > >
> > > You have to encode a DER-encoded cert file. If you're using OpenSSL
> > > you have to convert the cert with "openssl x509 [..] -outform DER".
> >
> > I've already tried (with oscar) to do so but netscape (4.72) crashes when
> > I try to display the entry. I'll try again using openssl.
> 
> It worked with OpenSSL!
> 
> > > If the cert is stored properly it's displayed in the Netscape
> > > Navigator when accessing the appropriate LDAP URL (e.g. by
> > > double-clicking the address book entry).
> >
> > Well, now I'm really confused!
> >
> > Here's what I've done:
> >
> > /usr/local/sbin/ldif -b "usercertificate;binary" < certificate  > cert.ldif
> >
> > where certificate is a pem file, and as you can see at the URL
> >
> > ldap://bond.cnaf.infn.it/cn= Giuseppe Lo Biondo,ou=people,ou=Sezione di
> > Milano,o=Istituto Nazionale di Fisica Nucleare,c=it
> >
> > The certificate is properly displayed (actually I don't know if it is
> > the right way but it looks like netscape is happy about the certificate).
> >
> 
> I have the same result encoding and publishing DER certificates.
> 
> > > > -----BEGIN CERTIFICATE-----
> > > > MIID+DCCA2GgAwIBAgIBSzANBgkqhkiG9w0BAQQFADBGMQswCQYDVQQGEwJJVDEN
> > > > ....
> > > > ....
> > > > -----END CERTIFICATE-----
> > >
> > > Wrong.
> >
> > but it works! Doing so I can still import certificates automatically by
> > the WEB. Can you tell me what I miss?
> 
> It works with der too: but I have to encode the binary certificate
> before... to retrieve the certificate I use an url of the form
> 
> data:application/x-x509-email-cert;base64,MIIEBDCCA22g....
> 
> embedded in my page.
> 
> Giuseppe

-- 
=======================================================
Bruno Salgueiro       (mailto:bs@sibs.pt)
                   
SIBS - Sociedade Interbancária de Serviços
Rua Soeiro Pereira Gomes, Lote 1, 1600 Lisboa, Portugal

Tel: + 351 21 791 88 33
Fax: + 351 21 793 50 80
http://www.sibs.pt

This message was signed with a MULTIcert certificate.
To obtain the certificate of the MULTIcert PILOT
Certification Authority, go to the site
            http://www.sibs.multicert.com

"Computers are useless. They can only give you answers."
                                        --Pablo Picasso
=======================================================
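
The PEM-versus-DER question in this thread can be checked before an entry is loaded. The following is an added example, not code from any poster or from OpenLDAP: it assumes the directory should hold the DER form (as Michael Ströder's reply states), accepts either DER or PEM input, and emits a folded base64 LDIF line. The function names and the sample bytes are constructed for illustration; the sample is a structurally valid ASN.1 SEQUENCE, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def looks_like_der(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE whose length covers the whole value."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                          # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                          # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_der(value: bytes) -> bytes:
    """Return DER bytes from a DER or PEM value; raise ValueError otherwise."""
    if looks_like_der(value):
        return value
    match = PEM_RE.search(value)
    if match:
        body = b"".join(match.group(1).split())   # drop line breaks
        der = base64.b64decode(body, validate=True)
        if looks_like_der(der):
            return der
    raise ValueError("value is neither DER nor PEM certificate data")

def ldif_attr(der: bytes, attr: str = "userCertificate;binary") -> str:
    """Format DER bytes as a base64 ('::') LDIF attribute, folded at 76 columns."""
    line = f"{attr}:: {base64.b64encode(der).decode('ascii')}"
    # LDIF continuation lines begin with a single space.
    chunks = [line[:76]] + [line[i:i + 75] for i in range(76, len(line), 75)]
    return "\n ".join(chunks)

# Constructed sample: SEQUENCE header declaring 256 content bytes, zero-filled.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(ldif_attr(to_der(SAMPLE_PEM)))
```

Running the LDIF tool directly on the PEM file, as in the quoted command, would instead base64-encode the PEM text itself, header lines included; `to_der` is the step that prevents that.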