[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Certificate in openldap
man, 2003-01-20 kl. 21:21 skrev Richard Levitte - VMS Whacker:
> tonni> man, 2003-01-20 kl. 14:12 skrev Richard Levitte - VMS Whacker:
> tonni> > In message <001301c2c080$fc22a130$a503a8c0@PCGDL> on Mon, 20 Jan 2003
> tonni> > 13:39:33 +0100, "De Leeuw Guy" <G.De_Leeuw@eurofer.be> said:
> tonni> >
> tonni> > G.De_Leeuw> What is the recommended format of a certificate to add
> tonni> > this cert in ldap ?
> tonni> > G.De_Leeuw> Pem, der, crt ???
> tonni> >
> tonni> > The attribute userCertificate;binary should take a certificate in raw
> tonni> > DER.
> tonni> Possibly. But that will break an awful lot of servers, such as Openldap,
> tonni> and clients that can only work with .pem BER encoding. OTOH, FreeS/WAN
> tonni> IPSEC insists on hashes, together with their .der cert. Not exactly easy
> tonni> for the beginner.
> I'm sorry say what? I've done exactly that, in a simple CA program I
> built not long ago. Of course, in an LDIF file, you'd have this:
> userCertificate;binary:: <...base64-encoded-der...>
>
> And that, BTW, isn't the same thing as a certificate in PEM format.
> PEM has those -----BEGIN ...----- and -----END ...----- lines. Have
> you actually seen that as a userCertificate value?
Sorry, talking generally - obviously at cross purposes. I was talking
about certificates in general.
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl