Re: Netscape Certificates in OpenLDAP
On Wed, 22 Mar 2000, Mark Krischer wrote:
> Giuseppe Lo Biondo wrote:
> > Hi!
> > I'm trying to store X.509 Certificates in my OpenLDAP server.
> > I successfully stored my certificate in the server and the netscape
> > addressbook displays it correctly. (it is stored as usercertificate;binary
> > and I've encoded the DER certificate using ldif -b )
> > When I try to download the certificate using the security tabs, my browser
> > finds the certificate but it seems to ignore it when I try to download
> > (I've tried with my cert and with another person's cert).
> > I've already seen various threads of discussion in this mailing list and
> > this seems a known problem, has anyone found the right recipe to make this
> > work?
> > Giuseppe Lo Biondo
> can you give some more details about "seems to ignore it"?
> without really understanding your problem, here's a few thoughts. if you
> already have the certificate--such as your own--it won't add it again. check
> the "people" section in certificates and see what's there.
The certificate I try to download is not in my keyring, nor is it mine.
To store the certificate I encoded a pem file using ldif -b (that is a
base64 encoding I guess). The certificate is stored in the
userCertificate;binary attribute and I've seen that a query using for
example ldapsearch returns the decoded certificate.
Now I wonder who decodes the certificate! slapd or the client? Does slapd
understand that ;binary is a subtype and decodes it? Or the string
"userCertificate;binary" is an attribute on its own and only the clients
I think that there is nothing wrong with the cert itself since the
certificate in pem format is correctly loaded into netscape if I load it
through a web page with a script such as the following..
Anyway I still don't understand why netscape does not load the certificate
through the security dialogs even if it claims that a certificate was
found in the LDAP server.
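
Added example, not part of the original message: a check of which encoding actually ended up in a userCertificate;binary value, since base64-encoding a PEM file stores PEM text while base64-encoding a DER file stores DER bytes. It assumes the LDIF "attr:: base64" form on one unfolded line; the function names are illustrative and the data is a constructed stand-in, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def outer_sequence_ok(blob):
    """True if blob is exactly one DER SEQUENCE (tag 0x30) of matching length."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    n = blob[1]
    if n < 0x80:                       # short form: the octet is the length
        return 2 + n == len(blob)
    n &= 0x7F                          # long form: count of length octets
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return False
    return 2 + n + int.from_bytes(blob[2:2 + n], "big") == len(blob)

def classify(stored):
    """Classify the bytes held in userCertificate;binary."""
    if outer_sequence_ok(stored):
        return "der"
    return "pem" if PEM_RE.search(stored) else "unknown"

def ldif_value(line):
    """Decode an unfolded LDIF 'attr:: base64' line into the stored bytes."""
    _attr, sep, b64 = line.partition("::")
    if not sep:
        raise ValueError("not a base64 LDIF value")
    return base64.b64decode(b64.strip())

def pem_to_der(pem):
    """Strip the PEM armor and return the DER bytes inside it."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block")
    return base64.b64decode(b"".join(m.group(1).split()))

# Constructed stand-in, not a real certificate: SEQUENCE header + 300 zero bytes.
FAKE_DER = b"\x30\x82\x01\x2c" + bytes(300)
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(FAKE_DER)
            + b"-----END CERTIFICATE-----\n")
DER_ENTRY = "userCertificate;binary:: " + base64.b64encode(FAKE_DER).decode()
PEM_ENTRY = "userCertificate;binary:: " + base64.b64encode(FAKE_PEM).decode()

if __name__ == "__main__":
    for name, line in (("DER, base64 once", DER_ENTRY), ("PEM, base64 again", PEM_ENTRY)):
        print(name, "->", classify(ldif_value(line)))
```

A value classified as "pem" can be passed through pem_to_der() to obtain the DER bytes before it is base64-encoded for LDIF.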