[Date Prev][Date Next] [Chronological] [Thread] [Top]

R: openldap config for netscape certificates? (partial success)



Hi Norbert,

Thanks for this reply.

I believe I' ve already correctly done what you say. The certificate
encoding should already be DER.
To clarify things a little bit, what I am trying to do is to import somebody
else's certificate into Netscape's "Security->Certificate->People".
In fact, the LDAP entry under which the certificate has been published into
LDAP looks like this:

dn: "cn=tizi, ou=Pescheria, o=Consip SpA, c=IT"
objectclass=top
objectclass=person
objectclass=strongAuthenticationUser
cn=tizi
sn=tizi
mail=ezio@hotmail.com
usersmimecertificate;binary= NOT ASCII

I' m able to happily get back the certificate from LDAP using ldapsearch.
Also, if I query OpenLDAP with an ldap://.../ URL I can see the certificate
on the browser along with the other attributes of the "ezio" entity.
Netscape communicator shows the certificate "This certificate belongs to
...." but of course I cannot import it because it's a read only query.

I believe there must be something wrong with the certificate itself .... I
attach the "tizi's" certificate to this e-mail, just in case you want to
have a look  at it !

The certificat has been created with the OSCAR pki toolkit ("certgen"
utility). OSCAR is an Open Source toolkit and API framework to enable CA
services. You may want to visit http://oscar.dstc.qut.edu.au/ if  you want
to know more about OSCAR.

I do thank you so much again for your reply.

Bye,
L. Modeo

----- Original Message -----
From: Norbert Klasen <klasen@pool.informatik.rwth-aachen.de>
To: Leonardo Modeo <l.modeo@tin.it>
Sent: Friday, May 05, 2000 9:30 AM
Subject: Re: openldap config for netscape certificates? (partial success)


> Hello Leonardo,
> > I' ve come as far as you already have in making netscape communicator
> > work fine with openldap to get  S/MIME certificates.   Communicator
> > (4.6.1 on Linux kernel 2.2.17) detects that a certificate exists for
> > any member of the directory, but the certificate does not get properly
> > imported into the browser.
>
> S/MIME certificates vave to be stored DER encoded under the
> "usercertificate;binary" attribute for Netscape to read them.
>
> --
> Bye
>   Norbert
>
> --- http://www-users.rwth-aachen.de/Norbert.Klasen/index.html
>

Attachment: tizi.cert
Description: Binary data