Michael, I am using CP Directory Server v4.1. This LDAP server is very hard in X.500 schema. But, It's very stable. This LDAP Directory work with Entrust solutions in 100% (plug and play) but the schema requirements from entrust are very different to openca.
Sorry, It's CRL When load the CA certificate in the LDAP, I am using a DN like: "cn=CA name,o=Acme,c=CL" but, when I load the CRL to this certificate, the ldap library function use a DN like: [EMAIL PROTECTED],cn=CA name,o=Acme,c=CL and the ldap functions return an error message that mean this can not find the CA certificate object. Yes, my CA cert include the emailAddress. Thanks, I 'll try to modify the openssl config file. could That modification bring me problems in the future??? Do you have any document with the openca schema description to define certificate objects and the application over Internet??? Thanks again! Mauricio. ----- Original Message ----- From: "Michael Bell" <[EMAIL PROTECTED]> To: "OpenCA" <[EMAIL PROTECTED]> Sent: Tuesday, October 29, 2002 6:01 AM Subject: Re: [Openca-Users] emailAddress in DN > Hi, > > it's a little bit difficult to understand what's going wrong. > > Mauricio Rojas (ISC) wrote: > > > Because, my ldap server can not work with the serialNumber in the DN user > > certificate. > > This is normally a problem with your schemas. Which ldap-server do you use? > > > But, I have problem to update the RCL. because, the ldap modify operation > > use CA DN with emailAddress append to the real CA DN. > > 1. What is a RCL? Is it only a typo and you mean CRL? > 2. Sorry, but the the real CA DN includes the emailAddress in your case. > > > This append when the ldap-utils.lib function get the ISSUER value and > > storage this in the var $dn > > This means the DN of you CA-cert includes the emailaddress. > > > How can I set the CA configuration to make the CA Certificate without > > emailAddress in its DN??? > > Simply don't enter the emailaddress during the requestgeneration. If you > you need the emailaddress in the subject alternative then you can enter > it in OPENCADIR/etc/openssl/openssl.cnf. > > Best regards > > Michael > -- > ------------------------------------------------------------------- > Michael Bell Email (private): [EMAIL PROTECTED] > Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] > Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 > Unter den Linden 6 Fax: +49 (0)30-2093 2959 > 10099 Berlin > Germany http://www.openca.org > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
