This answer refers to what seems to be a bug in Netscape 4.x when importing X.509 certificates from OpenLDAP. What happens is that when one tries to get a client certificate from OpenLDAP with Netscape 4.x (Security->Certificates->People->Search Directory) a message appears from Netscape saying something like: "certificate found for the following email user: <email address follows>".
Sometimes the certificate is not really imported in Netscape, despite the previous message says the certificate has been successfully imported.
This happens when the certificate has been generated without an e-mail address into the subject DN field. Netscape should prompt an error message in this case, but it does not.
So, it seems that Netscape acts like this when he has to import certificates
from Directory:
1) Search Directory for entries with "mail" attribute matching subject
e-mail
2) Get certificate from directory (if any)
3) Really import certificate if and only if there is a matching e-mail
attribute in the subject's certificate
lmodeo@hotmail.com |