[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Certificate in openldap
In message <1043078046.13005.18.camel@localhost> on 20 Jan 2003 16:54:06 +0100, Tony Earnshaw <tonni@billy.demon.nl> said:
tonni> man, 2003-01-20 kl. 14:12 skrev Richard Levitte - VMS Whacker:
tonni> > In message <001301c2c080$fc22a130$a503a8c0@PCGDL> on Mon, 20 Jan 2003
tonni> > 13:39:33 +0100, "De Leeuw Guy" <G.De_Leeuw@eurofer.be> said:
tonni> >
tonni> > G.De_Leeuw> What is the recommended format of a certificate to add
tonni> > this cert in ldap ?
tonni> > G.De_Leeuw> Pem, der, crt ???
tonni> >
tonni> > The attribute userCertificate;binary should take a certificate in raw
tonni> > DER.
tonni>
tonni> Possibly. But that will break an awful lot of servers, such as Openldap,
tonni> and clients that can only work with .pem BER encoding. OTOH, FreeS/WAN
tonni> IPSEC insists on hashes, together with their .der cert. Not exactly easy
tonni> for the beginner.
I'm sorry say what? I've done exactly that, in a simple CA program I
built not long ago. Of course, in an LDIF file, you'd have this:
userCertificate;binary:: <...base64-encoded-der...>
And that, BTW, isn't the same thing as a certificate in PEM format.
PEM has those -----BEGIN ...----- and -----END ...----- lines. Have
you actually seen that as a userCertificate value?
--
Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.