Re: Netscape Certificates in OpenLDAP

[Giuseppe Lo Biondo <Giuseppe.LoBiondo@mi.infn.it>]

On Wed, 22 Mar 2000, Michael [iso-8859-1] Ströder wrote:

> Giuseppe Lo Biondo wrote:
> > 
> > To store the certificate I encoded a pem file
> 
> You have to encode a DER-encoded cert file. If you're using OpenSSL
> you have to convert the cert with "openssl x509 [..] -outform DER".

I've already tried (with oscar) to do so but netscape (4.72) crashes when
I try to display the entry. I'll try again using openssl.
 
> If the cert is stored properly it's displayed in the Netscape
> Navigator when accessing the appropriate LDAP URL (e.g. by
> double-clicking the address book entry).

Well, now I'm really confused! 

Here's what I've done:

/usr/local/sbin/ldif -b "usercertificate;binary" < certificate  > cert.ldif

where certificate is a pem file, and as you can see at the URL

ldap://bond.cnaf.infn.it/cn= Giuseppe Lo Biondo,ou=people,ou=Sezione di
Milano,o=Istituto Nazionale di Fisica Nucleare,c=it

The certificate is properly displayed (actually I don't know if it is
the right way but it looks like netscape is happy about the certificate).


> > -----BEGIN CERTIFICATE-----
> > MIID+DCCA2GgAwIBAgIBSzANBgkqhkiG9w0BAQQFADBGMQswCQYDVQQGEwJJVDEN
> > ....
> > ....
> > -----END CERTIFICATE-----
> 
> Wrong.

but it works! Doing so I can still import certificates automatically by
the WEB. Can you tell me what I miss?

Many thanks for your suggestions.
Giuseppe