
Re: Certificate in openldap

Mon, 2003-01-20 at 21:21, Richard Levitte - VMS Whacker wrote:

> tonni> Mon, 2003-01-20 at 14:12, Richard Levitte - VMS Whacker wrote:
> tonni> > In message <001301c2c080$fc22a130$a503a8c0@PCGDL> on Mon, 20 Jan 2003
> tonni> > 13:39:33 +0100, "De Leeuw Guy" <G.De_Leeuw@eurofer.be> said:
> tonni> > 
> tonni> > G.De_Leeuw> What is the recommended format of a certificate to add
> tonni> > this cert in ldap ?
> tonni> > G.De_Leeuw> Pem, der, crt ???
> tonni> > 
> tonni> > The attribute userCertificate;binary should take a certificate in raw
> tonni> > DER.

> tonni> Possibly. But that will break an awful lot of servers, such as Openldap,
> tonni> and clients that can only work with .pem BER encoding. OTOH, FreeS/WAN
> tonni> IPSEC insists on hashes, together with their .der cert. Not exactly easy
> tonni> for the beginner.

> I'm sorry, say what?  I've done exactly that, in a simple CA program I
> built not long ago.  Of course, in an LDIF file, you'd have this:

>   userCertificate;binary:: <...base64-encoded-der...>
>
> And that, BTW, isn't the same thing as a certificate in PEM format.
> PEM has those -----BEGIN ...----- and -----END ...----- lines.  Have
> you actually seen that as a userCertificate value?

Sorry, talking generally - obviously at cross purposes. I was talking
about certificates in general.




Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
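
The distinction drawn in the thread between a PEM file and the base64-encoded DER that goes after `userCertificate;binary::` in LDIF, as an added example that is not part of the original messages. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

def pem_to_der(pem_text):
    """Strip the PEM armor lines and decode the base64 body to raw DER."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der

def der_to_ldif_value(der, width=76):
    """'::' marks a base64 value; folded lines start with one space (RFC 2849)."""
    line = "userCertificate;binary:: " + base64.b64encode(der).decode("ascii")
    first, rest = line[:width], line[width:]
    folded = [first] + [" " + rest[i:i + width - 1]
                        for i in range(0, len(rest), width - 1)]
    return "\n".join(folded)

def ldif_value_to_der(ldif_value):
    """Unfold an LDIF value and decode it back to the DER bytes it carries."""
    unfolded = ldif_value.replace("\n ", "")
    name, _, b64 = unfolded.partition(":: ")
    if name != "userCertificate;binary":
        raise ValueError("unexpected attribute: " + name)
    return base64.b64decode(b64, validate=True)

# Constructed placeholder shaped like a DER SEQUENCE header; not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\xc8" + bytes(range(200))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode("ascii"), 64))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(der_to_ldif_value(pem_to_der(SAMPLE_PEM)))
```

The LDIF value contains no `-----BEGIN ...-----` or `-----END ...-----` lines: only the attribute name, `::`, and the folded base64 of the DER bytes.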