[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Netscape Certificates in OpenLDAP
On Wed, 22 Mar 2000, Michael [iso-8859-1] Ströder wrote:
> Giuseppe Lo Biondo wrote:
> >
> > To store the certificate I encoded a pem file
>
> You have to encode a DER-encoded cert file. If you're using OpenSSL
> you have to convert the cert with "openssl x509 [..] -outform DER".
I've already tried (with oscar) to do so but netscape (4.72) crashes when
I try to display the entry. I'll try again using openssl.
> If the cert is stored properly it's displayed in the Netscape
> Navigator when accessing the appropriate LDAP URL (e.g. by
> double-clicking the address book entry).
Well, now I'm really confused!
Here's what I've done:
/usr/local/sbin/ldif -b "usercertificate;binary" < certificate > cert.ldif
where certificate is a pem file, and as you can see at the URL
ldap://bond.cnaf.infn.it/cn= Giuseppe Lo Biondo,ou=people,ou=Sezione di
Milano,o=Istituto Nazionale di Fisica Nucleare,c=it
The certificate is properly displayed (actually I don't know if it is
the right way but it looks like netscape is happy about the certificate).
> > -----BEGIN CERTIFICATE-----
> > MIID+DCCA2GgAwIBAgIBSzANBgkqhkiG9w0BAQQFADBGMQswCQYDVQQGEwJJVDEN
> > ....
> > ....
> > -----END CERTIFICATE-----
>
> Wrong.
but it works! Doing so I can still import certificates automatically by
the WEB. Can you tell me what I miss?
Many thanks for your suggestions.
Giuseppe