Re: userSMIMECertificate in inetOrgPerson

Pete Palmer wrote:
> Like the other users,
> Navigator can show the details of the cert contained in
> userCertificate;binary:: but will not return that cert when a Messenger
> directory lookup is used.

Of course it does.

> The mailing list discussions say that I
> should be using the userSMIMECertificate attribute, which is what
> Netscape apparently looks for keyed on the e-mail address.
> Has anyone come up with an example (or seen an example posted) of a
> sample ldif entry for using userSMIMECertificate in inetOrgPerson?

> I saw the message from Jeff Weinstein explaining how I should create a
> zero-body S/MIME signed message and use it for the userSMIMECertificate
> attribute
> (http://www.openldap.org/lists/openldap-devel/199904/msg00037.html), but
> I can't make an entry in my ldif that ldapadd will accept.

AFAIK this message does not explain in detail how to create the data
for the userSMIMECertificate attribute (except using Netscape to
upload your *own* certificate with "Send Certificate to Directory"
in the Security Prefs dialogue).

This posting mainly explains why there is a userSMIMECertificate
attribute and which advantages it has in conjunction with deploying
S/MIME. Read it again more carefully. You have to use the private
key to create the signed PKCS#7 blob stored in userSMIMECertificate.

Ciao, Michael.
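
An added example, not part of the original post or of the message it refers to: one way to sign an empty body with the private key using the OpenSSL command line and wrap the resulting PKCS#7 blob in an inetOrgPerson LDIF entry. The function name, DN, names and the throwaway self-signed key are constructed sample values; the `;binary` option follows the attribute's definition in RFC 2798.

```shell
#!/bin/sh
# Added example. Assumptions: make_smime_ldif is a hypothetical helper, and
# the key/cert generated below are throwaway sample input. In practice, use
# the user's real private key and certificate instead.

make_smime_ldif() {
    dn=$1; mail=$2; out=$3
    tmp=$(mktemp -d) || return 1

    # Constructed sample identity (self-signed, valid for one day).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Sample User/emailAddress=$mail" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || return 1

    # Sign a zero-length body with the private key. -nodetach keeps the
    # (empty) content inside the SignedData; -outform DER gives raw PKCS#7.
    : > "$tmp/empty"
    openssl smime -sign -in "$tmp/empty" -signer "$tmp/cert.pem" \
        -inkey "$tmp/key.pem" -nodetach -outform DER \
        -out "$tmp/p7.der" || return 1

    # "::" tells the LDIF parser the value is base64. sed prefixes every
    # base64 line with one space: on the first line that is the separator
    # after "::", on the others it marks an LDIF continuation line.
    {
        printf 'dn: %s\n' "$dn"
        printf 'objectClass: top\n'
        printf 'objectClass: person\n'
        printf 'objectClass: organizationalPerson\n'
        printf 'objectClass: inetOrgPerson\n'
        printf 'cn: Sample User\n'
        printf 'sn: User\n'
        printf 'mail: %s\n' "$mail"
        printf 'userSMIMECertificate;binary::'
        openssl base64 -in "$tmp/p7.der" | sed 's/^/ /'
    } > "$out"
    rm -rf "$tmp"
}

# Usage:
#   make_smime_ldif "uid=sample,ou=People,dc=example,dc=com" \
#       sample@example.com sample.ldif
#   then load sample.ldif with ldapadd -f sample.ldif
```

A raw binary value or unfolded base64 pasted after a single colon is a common reason for ldapadd to reject such an entry.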