Hi Norbert, Thanks for this reply. I believe I' ve already correctly done what you say. The certificate encoding should already be DER. To clarify things a little bit, what I am trying to do is to import somebody else's certificate into Netscape's "Security->Certificate->People". In fact, the LDAP entry under which the certificate has been published into LDAP looks like this: dn: "cn=tizi, ou=Pescheria, o=Consip SpA, c=IT" objectclass=top objectclass=person objectclass=strongAuthenticationUser cn=tizi sn=tizi mail=ezio@hotmail.com usersmimecertificate;binary= NOT ASCII I' m able to happily get back the certificate from LDAP using ldapsearch. Also, if I query OpenLDAP with an ldap://.../ URL I can see the certificate on the browser along with the other attributes of the "ezio" entity. Netscape communicator shows the certificate "This certificate belongs to ...." but of course I cannot import it because it's a read only query. I believe there must be something wrong with the certificate itself .... I attach the "tizi's" certificate to this e-mail, just in case you want to have a look at it ! The certificat has been created with the OSCAR pki toolkit ("certgen" utility). OSCAR is an Open Source toolkit and API framework to enable CA services. You may want to visit http://oscar.dstc.qut.edu.au/ if you want to know more about OSCAR. I do thank you so much again for your reply. Bye, L. Modeo ----- Original Message ----- From: Norbert Klasen <klasen@pool.informatik.rwth-aachen.de> To: Leonardo Modeo <l.modeo@tin.it> Sent: Friday, May 05, 2000 9:30 AM Subject: Re: openldap config for netscape certificates? (partial success) > Hello Leonardo, > > I' ve come as far as you already have in making netscape communicator > > work fine with openldap to get S/MIME certificates. Communicator > > (4.6.1 on Linux kernel 2.2.17) detects that a certificate exists for > > any member of the directory, but the certificate does not get properly > > imported into the browser. > > S/MIME certificates vave to be stored DER encoded under the > "usercertificate;binary" attribute for Netscape to read them. > > -- > Bye > Norbert > > --- http://www-users.rwth-aachen.de/Norbert.Klasen/index.html >
Attachment:
tizi.cert
Description: Binary data