
for aia and cdp; crl and ca publishing in ldap



Greetings,

I am learning to use openldap. I want to publish CA certificates and CRLs
(in DER format) in an LDAP database.
I came across this link
http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/certificates.html
It relates to publishing 1 certificate. However, I would like to be able to
use one entry in the database to later access 2 objects by URL entry: (i) the
so-called AuthorityInformationAccess (CA certificate location) and (ii) CDP
(CRL distribution point). So I have 2 questions:

QUESTION1
=========
I would like to know if I can publish 2 certificates and in the LDIF have
something such as:

#-----------
dn:                     cn=certs,dc=example,dc=com
ObjectClass:            Top
ObjectClass:            ApplicationProcess
ObjectClass:            SimpleSecurityObject
CertificateRevocationList::-------someBinaryFile
CACertificate::-------------------someBinaryFile
cn:                      certs
UserPassword:            cert-password


QUESTION2
=========
If I have the binary files File_crl and CAcertificate, can I replace lines
5 and 6 above like this?:

CertificateRevocationList;binary: < /path/to/someBinaryFile_File_crl
CACertificate;binary: < /path/to/someBinaryFile_CACertificate

And if so, which is recommended: file insertion or use of a pointer?


Advice on the above or better methods to proceed will be gratefully received.

Thanks in advance
luxInteg
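
The two LDIF value forms asked about above, inline base64 ("::") and a file URL read by the LDAP client (":<"), shown as an added example that is not part of the original post. It assumes the RFC 4523 auxiliary class pkiCA to carry both attributes on the post's applicationProcess entry; the helper names and sample bytes are constructed for illustration.

```python
import base64
import re
from urllib.parse import quote

PEM_RE = re.compile(rb"-----BEGIN [^-]+-----(.+?)-----END [^-]+-----", re.S)

def to_der(blob):
    """Return DER bytes: decode PEM armour if present, reject non-ASN.1 input."""
    m = PEM_RE.search(blob)
    if m:
        blob = base64.b64decode(b"".join(m.group(1).split()))
    if blob[:1] != b"\x30":  # certificates and CRLs are ASN.1 SEQUENCEs
        raise ValueError("not a DER-encoded certificate or CRL")
    return blob

def fold(line, width=76):
    """Fold a long LDIF line; continuation lines start with one space (RFC 2849)."""
    parts = [line[:width]]
    for i in range(width, len(line), width - 1):
        parts.append(" " + line[i:i + width - 1])
    return "\n".join(parts)

def value_line(attr, value):
    """bytes -> inline base64 ('::'); str -> absolute path read by the client (':<')."""
    if isinstance(value, bytes):
        return fold(f"{attr};binary:: {base64.b64encode(to_der(value)).decode()}")
    if not value.startswith("/"):
        raise ValueError("file URL needs an absolute path")
    return fold(f"{attr};binary:< file://{quote(value)}")

def ca_entry(dn, cn, ca_cert, crl):
    """One entry holding both objects, so AIA and CDP URLs can share its DN."""
    return "\n".join([
        fold(f"dn: {dn}"),
        "objectClass: top",
        "objectClass: applicationProcess",  # structural class from the post
        "objectClass: pkiCA",               # assumption: RFC 4523 auxiliary class
        f"cn: {cn}",
        value_line("cACertificate", ca_cert),
        value_line("certificateRevocationList", crl),
    ]) + "\n"

# Constructed sample bytes (ASN.1 SEQUENCE header plus padding), not a real certificate or CRL.
SAMPLE_CERT = b"\x30\x64" + bytes(100)
SAMPLE_CRL = b"\x30\x03\x02\x01\x01"

if __name__ == "__main__":
    print(ca_entry("cn=certs,dc=example,dc=com", "certs", SAMPLE_CERT, SAMPLE_CRL))
    print(ca_entry("cn=certs,dc=example,dc=com", "certs",
                   "/path/to/ca.der", "/path/to/ca.crl"))
```

Both forms store the same bytes in the directory: with ":<" the client tool reads the file at load time and sends its contents, so the server never keeps a pointer to the path.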