[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Netscape Certificates in OpenLDAP

On Wed, 22 Mar 2000, Mark Krischer wrote:

> Giuseppe Lo Biondo wrote:
> > Hi!
> >
> > I'm trying to store X.509 Certificates in my OpenLDAP server.
> >
> > I successfully stored my certificate in the server and the netscape
> > addressbook displays it correctly. (it is stored as usercertificate;binary
> > and I've encoded the DER certificate using ldif -b )
> >
> > When I try to download the certificate using the security tabs, my browser
> > finds the certificate but it seems to ignore it when I try to download
> > (I've tried with my cert and with another's person cert).
> >
> > I've already seen various threads of discussion in this mailing list and
> > this seems a known problem, has anyone found the right recipe to make this
> > work?
> >
> > Giuseppe Lo Biondo
> can you give some more details about "seems to ignore it"?
> without really understanding your problem, here's a few thoughts.  if you
> already have the certificate--such as your own--it won't add it again.  check
> the "people" section in certificates and see what's there.
> --mk

The certificate I try to download is not in my keyring neither is mine.

To store the certificate I encoded a pem file using ldif -b (that is a
base64 encoding I guess). the certificate is stored in the
userCertificate;binary attibute and I've seen that a query using for
example ldapsearch returns the decoded certificate.

Now I wonder who decodes the certificate! slapd or the client? Does slapd
understand that ;binary is a subtype and decodes it? Or the string  
"userCertificate;binary"  is an attibute on his own and only the clients
recognise it? 

I think that there is nothing wrong with the cert itself since the
certicate in pem format is correctly loaded into netscape if I load it
trough a web page with a script such as the following..

print "Content-type:application/x-x509-email-cert\n\n";
print <<EOB;

Anyway I still don't understand why netscape does not load the certificate
trough the security dialogs even if it claims that a certificate was
found in the LDAP server. 

Many thanks.