In this version, it would appear that the certs are no longer in the filesystem but
exist only in the database.
The only cert that also exists in the filesystem is the CA certificate (cacert.der,
.pem).
I have not fooled with it yet, but it looks like there is a tool ( openca-getcert ) to
pull the cert from the database.
On a similar note, if a cert is created manually using the commandline tools, is there
a tool to get it into the database?
thanks!
On Mon, Aug 13, 2001 at 03:38:26PM +0200, Robert Hannemann wrote:
> Michael Bell wrote:
> >
> > Dave Botsch wrote:
> > >
> > > so, there appear to be two separate and perhaps related problems.
> > >
> > > 1. the code attempts to actually add to an attribute called
> > > usercertificate;binary. Of course, this attribute does not exist, so it is
> > > created by the ldap server for that particular record. Where in the code can
> > > this be fixed?
> >
> > ldap-utils.lib (sub addLDAPobject and sub addLDAPattribute).
> >
> > > In an earlier post, I posted the audit logs showing this happening. The
> > > functions I was referred to did not exist.
> > >
> > > I should add that this version of OpenCA is the latest out . .0.8.x (not the
> > > snapshots). They use the perl-ldap perl modules.
> >
> > And this is actually my problem. It looks like you are really experienced
> > with directoryservers. So now I have a question ;-D
> >
> > You need something that looks like
> >
> > attribute: userCertificate
> > data: userCertificate;binary:: sldfkjslkfj
> >
> > The name of the attribute is clear but is "userCertificate;binary:: "
> > directly on the top of the data which I submit? The perlcode would then
> > look like (no correct syntax but I hope you understand what I mean):
> >
> > push @values, "userCertificate;binary:: ".$obj->getDER();
> > $mesg = $ldap->modify ($dn, replace => {'userCertificate' => [ @values ]});
> >
> > Perhaps I must encode the DER-cert with MIME::Base64::encode but this is
> > not the problem. The problem is the data and how to submit the
> > information that the data is binary without submitting a wrong
> > attributename.
>
> Why don't you store the certificate in DER Format
> (usercertificate;binary:/usr/local/RAServer/....01.der) ?
>
> Regards,
> Robert
>
> >
> > > 2. Neither Netscape Communicator nor MS Outlook Express think there are any
> > > digital certificates (I just tested MS OE) present. When viewing an LDAP entry
> > > from the Netscape address book, the usercertificate is displayed as ascii
> > > garbage (it looks like the DER format, alright and not the BER format shown in
> > > the audit log).
> > >
> > > Perhaps there is something about the certificate Netscape/MS OE do not like? Do
> > > these programs verify the DN in the cert matches the DN of the LDAP entry? Are
> > > they looking for some specific extension that may not be present in the cert?
> >
> > These are questions where Massimiliano normally knows more about it
> > (he's back around August the 13th).
> >
> > Thanks in advance,
> >
> > Michael
> > --
> > ----------------------------------------------------------------------------
> > Michael Bell                   Email: [EMAIL PROTECTED]
> > Rechenzentrum - Datacenter     Email (work): [EMAIL PROTECTED]
> > Humboldt-University of Berlin  Tel.(work): +49 (0)30-2093 2482
> > Unter den Linden 6             Fax.(work): +49 (0)30-2093 2959
> > 10099 Berlin
> > Germany                        [OpenCA Core Developer]
> >
> > http://openca.sourceforge.net
> >
> > _______________________________________________
> > Openca-Users mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/openca-users
>
--
********************************
David William Botsch
[EMAIL PROTECTED]
********************************
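
The distinction the quoted question turns on, as an added example that is not part of the original thread and is not OpenCA code: `;binary` belongs to the attribute description, the `::` and base64 exist only in LDIF text, and the value handed to perl-ldap is the raw DER. The function names are hypothetical, the DER bytes are a constructed stand-in rather than a real certificate, and no LDAP connection is made.

```perl
#!/usr/bin/perl
# Added example (not OpenCA code). Core modules only; needs no LDAP server.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# LDIF *file* form: "attr;binary:: <base64>". The "::" marker and the base64
# exist only in LDIF text, never in the value sent over the LDAP protocol.
sub ldif_line {
    my ($der) = @_;
    return 'userCertificate;binary:: ' . encode_base64($der, '');
}

# Arguments for Net::LDAP's modify(): the ";binary" option is part of the
# attribute description (the hash key); the value is the raw DER bytes.
sub modify_args {
    my ($der) = @_;
    return (replace => { 'userCertificate;binary' => [ $der ] });
}

# True if $v is exactly one DER SEQUENCE (tag 0x30 and a length that fits).
sub is_der_sequence {
    my ($v) = @_;
    return 0 if length($v) < 2 || ord($v) != 0x30;
    my ($len, $hdr) = (ord(substr($v, 1, 1)), 2);
    if ($len & 0x80) {                 # long form: next N bytes hold the length
        my $n = $len & 0x7f;
        return 0 if $n == 0 || $n > 4 || length($v) < 2 + $n;
        $len = 0;
        $len = ($len << 8) | ord(substr($v, 2 + $_, 1)) for 0 .. $n - 1;
        $hdr += $n;
    }
    return length($v) == $hdr + $len ? 1 : 0;
}

# Classify what actually ended up in a directory value, to spot mis-encoding.
sub classify_value {
    my ($v) = @_;
    return 'ldif-prefix-in-value' if $v =~ /^usercertificate;binary::/i;
    return 'pem-text'             if $v =~ /^-----BEGIN CERTIFICATE-----/;
    return 'base64-text'          if $v =~ m{^[A-Za-z0-9+/=\s]+$};
    return 'der'                  if is_der_sequence($v);
    return 'unknown';
}

my $der  = "\x30\x03\x02\x01\x05";  # constructed DER SEQUENCE, not a real cert
my %args = modify_args($der);       # would be passed as $ldap->modify($dn, %args)
print ldif_line($der), "\n";
print classify_value($_), "\n"
    for $args{replace}{'userCertificate;binary'}[0], ldif_line($der), encode_base64($der);
```

A value classified as anything other than `der` is one that mail clients reading `userCertificate` will not be able to parse as a certificate.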